diff --git a/assuredworkloads/v1/assuredworkloads-api.json b/assuredworkloads/v1/assuredworkloads-api.json index 4962f269582..48eb679d8df 100644 --- a/assuredworkloads/v1/assuredworkloads-api.json +++ b/assuredworkloads/v1/assuredworkloads-api.json @@ -215,7 +215,7 @@ ] }, "delete": { - "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error. In addition to assuredworkloads.workload.delete permission, the user should also have orgpolicy.policy.set permission on the deleted folder to remove Assured Workloads OrgPolicies.", + "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error.", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}", "httpMethod": "DELETE", "id": "assuredworkloads.organizations.locations.workloads.delete", @@ -254,7 +254,7 @@ ], "parameters": { "name": { - "description": "Required. The resource name of the Workload to fetch. This is the workloads's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", + "description": "Required. The resource name of the Workload to fetch. This is the workload's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", "location": "path", "pattern": "^organizations/[^/]+/locations/[^/]+/workloads/[^/]+$", "required": true, @@ -519,7 +519,7 @@ } } }, - "revision": "20230331", + "revision": "20230406", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1AcknowledgeViolationRequest": { @@ -580,8 +580,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners;", - "Assured Workloads for Israel", + "Assured Workloads for Partners", + "Assured Workloads for Israel Regions", "Assured Workloads for Israel Regions", "Assured Workloads for Canada Protected B regime" ], @@ -640,7 +640,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest": { - "description": "Request for updating permission settings for a partner workload.", + "description": "Request of updating permission settings for a partner workload.", "id": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest", "properties": { "etag": { @@ -675,7 +675,7 @@ "Unknown restriction type.", "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.", "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.", - "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of compliant resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." + "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." ], "type": "string" } @@ -697,7 +697,7 @@ "type": "boolean" }, "acknowledgementTime": { - "description": "Optional. Timestamp when this violation was acknowledged last. This will be absent when acknowledged field is marked as false.", + "description": "Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false.", "format": "google-datetime", "type": "string" }, @@ -928,8 +928,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners;", - "Assured Workloads for Israel", + "Assured Workloads for Partners", + "Assured Workloads for Israel Regions", "Assured Workloads for Israel Regions", "Assured Workloads for Canada Protected B regime" ], @@ -1005,12 +1005,16 @@ "enum": [ "PARTNER_UNSPECIFIED", "LOCAL_CONTROLS_BY_S3NS", - "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" + "SOVEREIGN_CONTROLS_BY_T_SYSTEMS", + "SOVEREIGN_CONTROLS_BY_SIA_MINSAIT", + "SOVEREIGN_CONTROLS_BY_PSN" ], "enumDescriptions": [ "", "Enum representing S3NS (Thales) partner.", - "Enum representing T_SYSTEM (TSI) partner." + "Enum representing T_SYSTEM (TSI) partner.", + "Enum representing SIA_MINSAIT (Indra) partner.", + "Enum representing PSN (TIM) partner." ], "type": "string" }, @@ -1082,8 +1086,20 @@ ], "type": "string" }, - "ekmProvisioningErrorMessage": { + "ekmProvisioningErrorMapping": { "description": "Detailed error message if Ekm provisioning fails", + "enum": [ + "EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED", + "INVALID_SERVICE_ACCOUNT", + "MISSING_METRICS_SCOPE_ADMIN_PERMISSION", + "MISSING_EKM_CONNECTION_ADMIN_PERMISSION" + ], + "enumDescriptions": [ + "Error is unspecified.", + "Service account is used is invalid.", + "Iam permission monitoring.MetricsScopeAdmin wasn't applied.", + "Iam permission cloudkms.ekmConnectionsAdmin wasn't applied." + ], "type": "string" }, "ekmProvisioningState": { @@ -1106,7 +1122,7 @@ "type": "object" }, "GoogleCloudAssuredworkloadsV1WorkloadKMSSettings": { - "description": "Settings specific to the Key Management Service.", + "description": "Settings specific to the Key Management Service. This message is deprecated. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.", "id": "GoogleCloudAssuredworkloadsV1WorkloadKMSSettings", "properties": { "nextRotationTime": { @@ -1161,7 +1177,7 @@ ], "enumDescriptions": [ "Unknown resource type.", - "Deprecated. Existing workloads will continue to support this, but new CreateWorkloadRequests should not specify this as an input value.", + "Consumer project. AssuredWorkloads Projects are no longer supported. This field will be ignored only in CreateWorkload requests. ListWorkloads and GetWorkload will continue to provide projects information. Use CONSUMER_FOLDER instead.", "Consumer Folder.", "Consumer project containing encryption keys.", "Keyring resource that hosts encryption keys." @@ -1184,7 +1200,7 @@ "type": "string" }, "resourceType": { - "description": "Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT)", + "description": "Indicates the type of resource. This field should be specified to correspond the id to the right resource type (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT)", "enum": [ "RESOURCE_TYPE_UNSPECIFIED", "CONSUMER_PROJECT", @@ -1194,7 +1210,7 @@ ], "enumDescriptions": [ "Unknown resource type.", - "Deprecated. Existing workloads will continue to support this, but new CreateWorkloadRequests should not specify this as an input value.", + "Consumer project. AssuredWorkloads Projects are no longer supported. This field will be ignored only in CreateWorkload requests. ListWorkloads and GetWorkload will continue to provide projects information. Use CONSUMER_FOLDER instead.", "Consumer Folder.", "Consumer project containing encryption keys.", "Keyring resource that hosts encryption keys." diff --git a/assuredworkloads/v1/assuredworkloads-gen.go b/assuredworkloads/v1/assuredworkloads-gen.go index 54147cb3080..9328f1d2635 100644 --- a/assuredworkloads/v1/assuredworkloads-gen.go +++ b/assuredworkloads/v1/assuredworkloads-gen.go @@ -267,8 +267,8 @@ type GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata struct { // "AU_REGIONS_AND_US_SUPPORT" - Assured Workloads for Australia // Regions and Support controls Available for public preview // consumption. Don't create production workloads. - // "ASSURED_WORKLOADS_FOR_PARTNERS" - Assured Workloads for Partners; - // "ISR_REGIONS" - Assured Workloads for Israel + // "ASSURED_WORKLOADS_FOR_PARTNERS" - Assured Workloads for Partners + // "ISR_REGIONS" - Assured Workloads for Israel Regions // "ISR_REGIONS_AND_SUPPORT" - Assured Workloads for Israel Regions // "CA_PROTECTED_B" - Assured Workloads for Canada Protected B regime ComplianceRegime string `json:"complianceRegime,omitempty"` @@ -381,7 +381,7 @@ func (s *GoogleCloudAssuredworkloadsV1ListWorkloadsResponse) MarshalJSON() ([]by } // GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest: Request -// for updating permission settings for a partner workload. +// of updating permission settings for a partner workload. type GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest struct { // Etag: Optional. The etag of the workload. If this is provided, it // must match the server's etag. @@ -434,8 +434,8 @@ type GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest struct { // for the list of supported resources. // "APPEND_COMPLIANT_RESOURCES" - Similar to ALLOW_COMPLIANT_RESOURCES // but adds the list of compliant resources to the existing list of - // compliant resources. Effective org-policy of the Folder is considered - // to ensure there is no disruption to the existing customer workflows. + // resources. Effective org-policy of the Folder is considered to ensure + // there is no disruption to the existing customer workflows. RestrictionType string `json:"restrictionType,omitempty"` // ForceSendFields is a list of field names (e.g. "RestrictionType") to @@ -478,7 +478,9 @@ type GoogleCloudAssuredworkloadsV1Violation struct { Acknowledged bool `json:"acknowledged,omitempty"` // AcknowledgementTime: Optional. Timestamp when this violation was - // acknowledged last. This will be absent when acknowledged field is + // acknowledged first. Check exception_contexts to find the last time + // the violation was acknowledged when there are more than one + // violations. This field will be absent when acknowledged field is // marked as false. AcknowledgementTime string `json:"acknowledgementTime,omitempty"` @@ -766,8 +768,8 @@ type GoogleCloudAssuredworkloadsV1Workload struct { // "AU_REGIONS_AND_US_SUPPORT" - Assured Workloads for Australia // Regions and Support controls Available for public preview // consumption. Don't create production workloads. - // "ASSURED_WORKLOADS_FOR_PARTNERS" - Assured Workloads for Partners; - // "ISR_REGIONS" - Assured Workloads for Israel + // "ASSURED_WORKLOADS_FOR_PARTNERS" - Assured Workloads for Partners + // "ISR_REGIONS" - Assured Workloads for Israel Regions // "ISR_REGIONS_AND_SUPPORT" - Assured Workloads for Israel Regions // "CA_PROTECTED_B" - Assured Workloads for Canada Protected B regime ComplianceRegime string `json:"complianceRegime,omitempty"` @@ -839,6 +841,9 @@ type GoogleCloudAssuredworkloadsV1Workload struct { // "LOCAL_CONTROLS_BY_S3NS" - Enum representing S3NS (Thales) partner. // "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" - Enum representing T_SYSTEM // (TSI) partner. + // "SOVEREIGN_CONTROLS_BY_SIA_MINSAIT" - Enum representing SIA_MINSAIT + // (Indra) partner. + // "SOVEREIGN_CONTROLS_BY_PSN" - Enum representing PSN (TIM) partner. Partner string `json:"partner,omitempty"` // ProvisionedResourcesParent: Input only. The parent resource for the @@ -948,9 +953,18 @@ type GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponse struct { // time period EkmProvisioningErrorDomain string `json:"ekmProvisioningErrorDomain,omitempty"` - // EkmProvisioningErrorMessage: Detailed error message if Ekm + // EkmProvisioningErrorMapping: Detailed error message if Ekm // provisioning fails - EkmProvisioningErrorMessage string `json:"ekmProvisioningErrorMessage,omitempty"` + // + // Possible values: + // "EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED" - Error is + // unspecified. + // "INVALID_SERVICE_ACCOUNT" - Service account is used is invalid. + // "MISSING_METRICS_SCOPE_ADMIN_PERMISSION" - Iam permission + // monitoring.MetricsScopeAdmin wasn't applied. + // "MISSING_EKM_CONNECTION_ADMIN_PERMISSION" - Iam permission + // cloudkms.ekmConnectionsAdmin wasn't applied. + EkmProvisioningErrorMapping string `json:"ekmProvisioningErrorMapping,omitempty"` // EkmProvisioningState: Indicates Ekm enrollment Provisioning of a // given workload. @@ -991,7 +1005,9 @@ func (s *GoogleCloudAssuredworkloadsV1WorkloadEkmProvisioningResponse) MarshalJS } // GoogleCloudAssuredworkloadsV1WorkloadKMSSettings: Settings specific -// to the Key Management Service. +// to the Key Management Service. This message is deprecated. In order +// to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT +// or KEYRING in ResourceSettings.resource_type field. type GoogleCloudAssuredworkloadsV1WorkloadKMSSettings struct { // NextRotationTime: Required. Input only. Immutable. The time at which // the Key Management Service will automatically create a new version of @@ -1078,9 +1094,10 @@ type GoogleCloudAssuredworkloadsV1WorkloadResourceInfo struct { // // Possible values: // "RESOURCE_TYPE_UNSPECIFIED" - Unknown resource type. - // "CONSUMER_PROJECT" - Deprecated. Existing workloads will continue - // to support this, but new CreateWorkloadRequests should not specify - // this as an input value. + // "CONSUMER_PROJECT" - Consumer project. AssuredWorkloads Projects + // are no longer supported. This field will be ignored only in + // CreateWorkload requests. ListWorkloads and GetWorkload will continue + // to provide projects information. Use CONSUMER_FOLDER instead. // "CONSUMER_FOLDER" - Consumer Folder. // "ENCRYPTION_KEYS_PROJECT" - Consumer project containing encryption // keys. @@ -1124,14 +1141,15 @@ type GoogleCloudAssuredworkloadsV1WorkloadResourceSettings struct { ResourceId string `json:"resourceId,omitempty"` // ResourceType: Indicates the type of resource. This field should be - // specified to correspond the id to the right project type - // (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) + // specified to correspond the id to the right resource type + // (CONSUMER_FOLDER or ENCRYPTION_KEYS_PROJECT) // // Possible values: // "RESOURCE_TYPE_UNSPECIFIED" - Unknown resource type. - // "CONSUMER_PROJECT" - Deprecated. Existing workloads will continue - // to support this, but new CreateWorkloadRequests should not specify - // this as an input value. + // "CONSUMER_PROJECT" - Consumer project. AssuredWorkloads Projects + // are no longer supported. This field will be ignored only in + // CreateWorkload requests. ListWorkloads and GetWorkload will continue + // to provide projects information. Use CONSUMER_FOLDER instead. // "CONSUMER_FOLDER" - Consumer Folder. // "ENCRYPTION_KEYS_PROJECT" - Consumer project containing encryption // keys. @@ -1889,10 +1907,7 @@ type OrganizationsLocationsWorkloadsDeleteCall struct { // Delete: Deletes the workload. Make sure that workload's direct // children are already in a deleted state, otherwise the request will -// fail with a FAILED_PRECONDITION error. In addition to -// assuredworkloads.workload.delete permission, the user should also -// have orgpolicy.policy.set permission on the deleted folder to remove -// Assured Workloads OrgPolicies. +// fail with a FAILED_PRECONDITION error. // // - name: The `name` field is used to identify the workload. Format: // organizations/{org_id}/locations/{location_id}/workloads/{workload_i @@ -1996,7 +2011,7 @@ func (c *OrganizationsLocationsWorkloadsDeleteCall) Do(opts ...googleapi.CallOpt } return ret, nil // { - // "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error. In addition to assuredworkloads.workload.delete permission, the user should also have orgpolicy.policy.set permission on the deleted folder to remove Assured Workloads OrgPolicies.", + // "description": "Deletes the workload. Make sure that workload's direct children are already in a deleted state, otherwise the request will fail with a FAILED_PRECONDITION error.", // "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}", // "httpMethod": "DELETE", // "id": "assuredworkloads.organizations.locations.workloads.delete", @@ -2042,7 +2057,7 @@ type OrganizationsLocationsWorkloadsGetCall struct { // Get: Gets Assured Workload associated with a CRM Node // // - name: The resource name of the Workload to fetch. This is the -// workloads's relative path in the API, formatted as +// workload's relative path in the API, formatted as // "organizations/{organization_id}/locations/{location_id}/workloads/{ // workload_id}". For example, // "organizations/123/locations/us-east1/workloads/assured-workload-1". @@ -2161,7 +2176,7 @@ func (c *OrganizationsLocationsWorkloadsGetCall) Do(opts ...googleapi.CallOption // ], // "parameters": { // "name": { - // "description": "Required. The resource name of the Workload to fetch. This is the workloads's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", + // "description": "Required. The resource name of the Workload to fetch. This is the workload's relative path in the API, formatted as \"organizations/{organization_id}/locations/{location_id}/workloads/{workload_id}\". For example, \"organizations/123/locations/us-east1/workloads/assured-workload-1\".", // "location": "path", // "pattern": "^organizations/[^/]+/locations/[^/]+/workloads/[^/]+$", // "required": true, diff --git a/assuredworkloads/v1beta1/assuredworkloads-api.json b/assuredworkloads/v1beta1/assuredworkloads-api.json index f59c7b8b941..0c9cb279ee8 100644 --- a/assuredworkloads/v1beta1/assuredworkloads-api.json +++ b/assuredworkloads/v1beta1/assuredworkloads-api.json @@ -595,7 +595,7 @@ } } }, - "revision": "20230331", + "revision": "20230406", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1beta1AcknowledgeViolationRequest": { @@ -633,73 +633,6 @@ }, "type": "object" }, - "GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata": { - "description": "Operation metadata to give request details of CreateWorkload.", - "id": "GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata", - "properties": { - "complianceRegime": { - "description": "Optional. Compliance controls that should be applied to the resources managed by the workload.", - "enum": [ - "COMPLIANCE_REGIME_UNSPECIFIED", - "IL4", - "CJIS", - "FEDRAMP_HIGH", - "FEDRAMP_MODERATE", - "US_REGIONAL_ACCESS", - "HIPAA", - "HITRUST", - "EU_REGIONS_AND_SUPPORT", - "CA_REGIONS_AND_SUPPORT", - "ITAR", - "AU_REGIONS_AND_US_SUPPORT", - "ASSURED_WORKLOADS_FOR_PARTNERS", - "ISR_REGIONS", - "ISR_REGIONS_AND_SUPPORT", - "CA_PROTECTED_B" - ], - "enumDescriptions": [ - "Unknown compliance regime.", - "Information protection as per DoD IL4 requirements.", - "Criminal Justice Information Services (CJIS) Security policies.", - "FedRAMP High data protection controls", - "FedRAMP Moderate data protection controls", - "Assured Workloads For US Regions data protection controls", - "Health Insurance Portability and Accountability Act controls", - "Health Information Trust Alliance controls", - "Assured Workloads For EU Regions and Support controls", - "Assured Workloads For Canada Regions and Support controls", - "International Traffic in Arms Regulations", - "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners;", - "Assured Workloads for Israel", - "Assured Workloads for Israel Regions", - "Assured Workloads for Canada Protected B regime" - ], - "type": "string" - }, - "createTime": { - "description": "Optional. Time when the operation was created.", - "format": "google-datetime", - "type": "string" - }, - "displayName": { - "description": "Optional. The display name of the workload.", - "type": "string" - }, - "parent": { - "description": "Optional. The parent of the workload.", - "type": "string" - }, - "resourceSettings": { - "description": "Optional. Resource properties in the input that are used for creating/customizing workload resources.", - "items": { - "$ref": "GoogleCloudAssuredworkloadsV1beta1WorkloadResourceSettings" - }, - "type": "array" - } - }, - "type": "object" - }, "GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse": { "description": "Response of ListViolations endpoint.", "id": "GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse", @@ -774,7 +707,7 @@ "type": "boolean" }, "acknowledgementTime": { - "description": "Optional. Timestamp when this violation was acknowledged last. This will be absent when acknowledged field is marked as false.", + "description": "Optional. Timestamp when this violation was acknowledged first. Check exception_contexts to find the last time the violation was acknowledged when there are more than one violations. This field will be absent when acknowledged field is marked as false.", "format": "google-datetime", "type": "string" }, @@ -1098,12 +1031,16 @@ "enum": [ "PARTNER_UNSPECIFIED", "LOCAL_CONTROLS_BY_S3NS", - "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" + "SOVEREIGN_CONTROLS_BY_T_SYSTEMS", + "SOVEREIGN_CONTROLS_BY_SIA_MINSAIT", + "SOVEREIGN_CONTROLS_BY_PSN" ], "enumDescriptions": [ "", "Enum representing S3NS (Thales) partner.", - "Enum representing T_SYSTEM (TSI) partner." + "Enum representing T_SYSTEM (TSI) partner.", + "Enum representing SIA_MINSAIT (Indra) partner.", + "Enum representing PSN (TIM) partner." ], "type": "string" }, @@ -1186,8 +1123,20 @@ ], "type": "string" }, - "ekmProvisioningErrorMessage": { + "ekmProvisioningErrorMapping": { "description": "Detailed error message if Ekm provisioning fails", + "enum": [ + "EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED", + "INVALID_SERVICE_ACCOUNT", + "MISSING_METRICS_SCOPE_ADMIN_PERMISSION", + "MISSING_EKM_CONNECTION_ADMIN_PERMISSION" + ], + "enumDescriptions": [ + "Error is unspecified.", + "Service account is used is invalid.", + "Iam permission monitoring.MetricsScopeAdmin wasn't applied.", + "Iam permission cloudkms.ekmConnectionsAdmin wasn't applied." + ], "type": "string" }, "ekmProvisioningState": { diff --git a/assuredworkloads/v1beta1/assuredworkloads-gen.go b/assuredworkloads/v1beta1/assuredworkloads-gen.go index 36649146f6f..b61da31acb2 100644 --- a/assuredworkloads/v1beta1/assuredworkloads-gen.go +++ b/assuredworkloads/v1beta1/assuredworkloads-gen.go @@ -361,75 +361,6 @@ func (s *GoogleCloudAssuredworkloadsV1beta1AnalyzeWorkloadMoveResponse) MarshalJ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata: -// Operation metadata to give request details of CreateWorkload. -type GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata struct { - // ComplianceRegime: Optional. Compliance controls that should be - // applied to the resources managed by the workload. - // - // Possible values: - // "COMPLIANCE_REGIME_UNSPECIFIED" - Unknown compliance regime. - // "IL4" - Information protection as per DoD IL4 requirements. - // "CJIS" - Criminal Justice Information Services (CJIS) Security - // policies. - // "FEDRAMP_HIGH" - FedRAMP High data protection controls - // "FEDRAMP_MODERATE" - FedRAMP Moderate data protection controls - // "US_REGIONAL_ACCESS" - Assured Workloads For US Regions data - // protection controls - // "HIPAA" - Health Insurance Portability and Accountability Act - // controls - // "HITRUST" - Health Information Trust Alliance controls - // "EU_REGIONS_AND_SUPPORT" - Assured Workloads For EU Regions and - // Support controls - // "CA_REGIONS_AND_SUPPORT" - Assured Workloads For Canada Regions and - // Support controls - // "ITAR" - International Traffic in Arms Regulations - // "AU_REGIONS_AND_US_SUPPORT" - Assured Workloads for Australia - // Regions and Support controls Available for public preview - // consumption. Don't create production workloads. - // "ASSURED_WORKLOADS_FOR_PARTNERS" - Assured Workloads for Partners; - // "ISR_REGIONS" - Assured Workloads for Israel - // "ISR_REGIONS_AND_SUPPORT" - Assured Workloads for Israel Regions - // "CA_PROTECTED_B" - Assured Workloads for Canada Protected B regime - ComplianceRegime string `json:"complianceRegime,omitempty"` - - // CreateTime: Optional. Time when the operation was created. - CreateTime string `json:"createTime,omitempty"` - - // DisplayName: Optional. The display name of the workload. - DisplayName string `json:"displayName,omitempty"` - - // Parent: Optional. The parent of the workload. - Parent string `json:"parent,omitempty"` - - // ResourceSettings: Optional. Resource properties in the input that are - // used for creating/customizing workload resources. - ResourceSettings []*GoogleCloudAssuredworkloadsV1beta1WorkloadResourceSettings `json:"resourceSettings,omitempty"` - - // ForceSendFields is a list of field names (e.g. "ComplianceRegime") to - // unconditionally include in API requests. By default, fields with - // empty or default values are omitted from API requests. However, any - // non-pointer, non-interface field appearing in ForceSendFields will be - // sent to the server regardless of whether the field is empty or not. - // This may be used to include empty fields in Patch requests. - ForceSendFields []string `json:"-"` - - // NullFields is a list of field names (e.g. "ComplianceRegime") to - // include in API requests with the JSON null value. By default, fields - // with empty values are omitted from API requests. However, any field - // with an empty value appearing in NullFields will be sent to the - // server as null. It is an error if a field in this list has a - // non-empty value. This may be used to include null fields in Patch - // requests. - NullFields []string `json:"-"` -} - -func (s *GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata) MarshalJSON() ([]byte, error) { - type NoMethod GoogleCloudAssuredworkloadsV1beta1CreateWorkloadOperationMetadata - raw := NoMethod(*s) - return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) -} - // GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse: Response of // ListViolations endpoint. type GoogleCloudAssuredworkloadsV1beta1ListViolationsResponse struct { @@ -566,7 +497,9 @@ type GoogleCloudAssuredworkloadsV1beta1Violation struct { Acknowledged bool `json:"acknowledged,omitempty"` // AcknowledgementTime: Optional. Timestamp when this violation was - // acknowledged last. This will be absent when acknowledged field is + // acknowledged first. Check exception_contexts to find the last time + // the violation was acknowledged when there are more than one + // violations. This field will be absent when acknowledged field is // marked as false. AcknowledgementTime string `json:"acknowledgementTime,omitempty"` @@ -943,6 +876,9 @@ type GoogleCloudAssuredworkloadsV1beta1Workload struct { // "LOCAL_CONTROLS_BY_S3NS" - Enum representing S3NS (Thales) partner. // "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" - Enum representing T_SYSTEM // (TSI) partner. + // "SOVEREIGN_CONTROLS_BY_SIA_MINSAIT" - Enum representing SIA_MINSAIT + // (Indra) partner. + // "SOVEREIGN_CONTROLS_BY_PSN" - Enum representing PSN (TIM) partner. Partner string `json:"partner,omitempty"` // ProvisionedResourcesParent: Input only. The parent resource for the @@ -1082,9 +1018,18 @@ type GoogleCloudAssuredworkloadsV1beta1WorkloadEkmProvisioningResponse struct { // time period EkmProvisioningErrorDomain string `json:"ekmProvisioningErrorDomain,omitempty"` - // EkmProvisioningErrorMessage: Detailed error message if Ekm + // EkmProvisioningErrorMapping: Detailed error message if Ekm // provisioning fails - EkmProvisioningErrorMessage string `json:"ekmProvisioningErrorMessage,omitempty"` + // + // Possible values: + // "EKM_PROVISIONING_ERROR_MAPPING_UNSPECIFIED" - Error is + // unspecified. + // "INVALID_SERVICE_ACCOUNT" - Service account is used is invalid. + // "MISSING_METRICS_SCOPE_ADMIN_PERMISSION" - Iam permission + // monitoring.MetricsScopeAdmin wasn't applied. + // "MISSING_EKM_CONNECTION_ADMIN_PERMISSION" - Iam permission + // cloudkms.ekmConnectionsAdmin wasn't applied. + EkmProvisioningErrorMapping string `json:"ekmProvisioningErrorMapping,omitempty"` // EkmProvisioningState: Indicates Ekm enrollment Provisioning of a // given workload. diff --git a/cloudkms/v1/cloudkms-api.json b/cloudkms/v1/cloudkms-api.json index 2c1711cd6fd..fad5b8b7541 100644 --- a/cloudkms/v1/cloudkms-api.json +++ b/cloudkms/v1/cloudkms-api.json @@ -599,6 +599,32 @@ "https://www.googleapis.com/auth/cloud-platform", "https://www.googleapis.com/auth/cloudkms" ] + }, + "verifyConnectivity": { + "description": "Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors.", + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConnections/{ekmConnectionsId}:verifyConnectivity", + "httpMethod": "GET", + "id": "cloudkms.projects.locations.ekmConnections.verifyConnectivity", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. The name of the EkmConnection to verify.", + "location": "path", + "pattern": "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}:verifyConnectivity", + "response": { + "$ref": "VerifyConnectivityResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms" + ] } } }, @@ -1737,7 +1763,7 @@ } } }, - "revision": "20230330", + "revision": "20230407", "rootUrl": "https://cloudkms.googleapis.com/", "schemas": { "AsymmetricDecryptRequest": { @@ -3479,6 +3505,12 @@ }, "type": "object" }, + "VerifyConnectivityResponse": { + "description": "Response message for EkmService.VerifyConnectivity.", + "id": "VerifyConnectivityResponse", + "properties": {}, + "type": "object" + }, "WrappingPublicKey": { "description": "The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod.", "id": "WrappingPublicKey", diff --git a/cloudkms/v1/cloudkms-gen.go b/cloudkms/v1/cloudkms-gen.go index 45e6f0d08d3..986914120f6 100644 --- a/cloudkms/v1/cloudkms-gen.go +++ b/cloudkms/v1/cloudkms-gen.go @@ -3239,6 +3239,14 @@ func (s *UpdateCryptoKeyPrimaryVersionRequest) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// VerifyConnectivityResponse: Response message for +// EkmService.VerifyConnectivity. +type VerifyConnectivityResponse struct { + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` +} + // WrappingPublicKey: The public key component of the wrapping key. For // details of the type of key this public key corresponds to, see the // ImportMethod. @@ -5720,6 +5728,157 @@ func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) Do(opts ...googl } +// method id "cloudkms.projects.locations.ekmConnections.verifyConnectivity": + +type ProjectsLocationsEkmConnectionsVerifyConnectivityCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// VerifyConnectivity: Verifies that Cloud KMS can successfully connect +// to the external key manager specified by an EkmConnection. If there +// is an error connecting to the EKM, this method returns a +// FAILED_PRECONDITION status containing structured information as +// described at https://cloud.google.com/kms/docs/reference/ekm_errors. +// +// - name: The name of the EkmConnection to verify. +func (r *ProjectsLocationsEkmConnectionsService) VerifyConnectivity(name string) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall { + c := &ProjectsLocationsEkmConnectionsVerifyConnectivityCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:verifyConnectivity") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("GET", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.ekmConnections.verifyConnectivity" call. +// Exactly one of *VerifyConnectivityResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *VerifyConnectivityResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Do(opts ...googleapi.CallOption) (*VerifyConnectivityResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &VerifyConnectivityResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConnections/{ekmConnectionsId}:verifyConnectivity", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.ekmConnections.verifyConnectivity", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Required. The name of the EkmConnection to verify.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:verifyConnectivity", + // "response": { + // "$ref": "VerifyConnectivityResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform", + // "https://www.googleapis.com/auth/cloudkms" + // ] + // } + +} + // method id "cloudkms.projects.locations.keyRings.create": type ProjectsLocationsKeyRingsCreateCall struct { diff --git a/cloudsupport/v2beta/cloudsupport-api.json b/cloudsupport/v2beta/cloudsupport-api.json index 9de25fd5274..52a5edf60ff 100644 --- a/cloudsupport/v2beta/cloudsupport-api.json +++ b/cloudsupport/v2beta/cloudsupport-api.json @@ -543,7 +543,7 @@ } } }, - "revision": "20230404", + "revision": "20230412", "rootUrl": "https://cloudsupport.googleapis.com/", "schemas": { "Actor": { @@ -697,7 +697,7 @@ "type": "string" }, "severity": { - "description": "The severity of this case. Deprecated. Use priority instead.", + "description": "REMOVED. The severity of this case. Use priority instead.", "enum": [ "SEVERITY_UNSPECIFIED", "S0", @@ -807,7 +807,7 @@ "type": "string" }, "plainTextBody": { - "description": "Output only. An automatically generated plain text version of body with all rich text syntax stripped.", + "description": "Output only. DEPRECATED. An automatically generated plain text version of body with all rich text syntax stripped.", "readOnly": true, "type": "string" } diff --git a/cloudsupport/v2beta/cloudsupport-gen.go b/cloudsupport/v2beta/cloudsupport-gen.go index 422db7c60a7..03a3d5868b2 100644 --- a/cloudsupport/v2beta/cloudsupport-gen.go +++ b/cloudsupport/v2beta/cloudsupport-gen.go @@ -390,8 +390,7 @@ type Case struct { // fully available. Priority string `json:"priority,omitempty"` - // Severity: The severity of this case. Deprecated. Use priority - // instead. + // Severity: REMOVED. The severity of this case. Use priority instead. // // Possible values: // "SEVERITY_UNSPECIFIED" - Severity is undefined or has not been set @@ -521,8 +520,8 @@ type Comment struct { // Name: Output only. The resource name for the comment. Name string `json:"name,omitempty"` - // PlainTextBody: Output only. An automatically generated plain text - // version of body with all rich text syntax stripped. + // PlainTextBody: Output only. DEPRECATED. An automatically generated + // plain text version of body with all rich text syntax stripped. PlainTextBody string `json:"plainTextBody,omitempty"` // ServerResponse contains the HTTP response code and headers from the diff --git a/compute/v1/compute-api.json b/compute/v1/compute-api.json index 5759934392a..43b0fa5e5fd 100644 --- a/compute/v1/compute-api.json +++ b/compute/v1/compute-api.json @@ -32979,7 +32979,7 @@ } } }, - "revision": "20230327", + "revision": "20230403", "rootUrl": "https://compute.googleapis.com/", "schemas": { "AcceleratorConfig": { @@ -34303,6 +34303,13 @@ "format": "int64", "type": "string" }, + "replicaZones": { + "description": "Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone. You can't use this option with boot disks.", + "items": { + "type": "string" + }, + "type": "array" + }, "resourceManagerTags": { "additionalProperties": { "type": "string" @@ -40024,6 +40031,10 @@ "description": "This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.", "type": "boolean" }, + "allowPscGlobalAccess": { + "description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.", + "type": "boolean" + }, "backendService": { "description": "Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.", "type": "string" @@ -40118,7 +40129,7 @@ "type": "string" }, "network": { - "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.", + "description": "This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.", "type": "string" }, "networkTier": { @@ -49453,7 +49464,7 @@ "type": "string" }, "secondaryIpCidrRanges": { - "description": "Alias IP ranges from the same subnetwork", + "description": "Alias IP ranges from the same subnetwork.", "items": { "type": "string" }, @@ -60665,15 +60676,15 @@ "type": "object" }, "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig": { - "description": "Configuration options for L7 DDoS detection.", + "description": "Configuration options for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.", "id": "SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig", "properties": { "enable": { - "description": "If set to true, enables CAAP for L7 DDoS detection.", + "description": "If set to true, enables CAAP for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.", "type": "boolean" }, "ruleVisibility": { - "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.", + "description": "Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules. This field is only supported in Global Security Policies of type CLOUD_ARMOR.", "enum": [ "PREMIUM", "STANDARD" @@ -60868,7 +60879,7 @@ "id": "SecurityPolicyRecaptchaOptionsConfig", "properties": { "redirectSiteKey": { - "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.", + "description": "An optional field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used. This field is only supported in Global Security Policies of type CLOUD_ARMOR.", "type": "string" } }, @@ -60888,7 +60899,7 @@ "id": "SecurityPolicyRule", "properties": { "action": { - "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ", + "description": "The Action to perform when the rule is matched. The following are the valid actions: - allow: allow access to target. - deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for `STATUS` are 403, 404, and 502. - rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rate_limit_options to be set. - redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR. - throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rate_limit_options to be set for this. ", "type": "string" }, "description": { @@ -60897,7 +60908,7 @@ }, "headerAction": { "$ref": "SecurityPolicyRuleHttpHeaderAction", - "description": "Optional, additional actions that are performed on headers." + "description": "Optional, additional actions that are performed on headers. This field is only supported in Global Security Policies of type CLOUD_ARMOR." }, "kind": { "default": "compute#securityPolicyRule", @@ -60927,7 +60938,7 @@ }, "redirectOptions": { "$ref": "SecurityPolicyRuleRedirectOptions", - "description": "Parameters defining the redirect action. Cannot be specified for any other actions." + "description": "Parameters defining the redirect action. Cannot be specified for any other actions. This field is only supported in Global Security Policies of type CLOUD_ARMOR." } }, "type": "object" @@ -60969,7 +60980,7 @@ }, "expr": { "$ref": "Expr", - "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header." + "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. Expressions containing `evaluateThreatIntelligence` require Cloud Armor Managed Protection Plus tier and are not supported in Edge Policies nor in Regional Policies. Expressions containing `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor Managed Protection Plus tier and are only supported in Global Security Policies." }, "versionedExpr": { "description": "Preconfigured versioned expression. If this field is specified, config must also be specified. Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding src_ip_range field in config.", @@ -61123,17 +61134,24 @@ ], "type": "string" }, + "enforceOnKeyConfigs": { + "description": "If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which ratelimit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If enforce_on_key_configs is specified, enforce_on_key must not be specified.", + "items": { + "$ref": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig" + }, + "type": "array" + }, "enforceOnKeyName": { "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.", "type": "string" }, "exceedAction": { - "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below.", + "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, and 502, and `redirect`, where the redirect parameters come from `exceedRedirectOptions` below. The `redirect` action is only supported in Global Security Policies of type CLOUD_ARMOR.", "type": "string" }, "exceedRedirectOptions": { "$ref": "SecurityPolicyRuleRedirectOptions", - "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect." + "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect. This field is only supported in Global Security Policies of type CLOUD_ARMOR." }, "rateLimitThreshold": { "$ref": "SecurityPolicyRuleRateLimitOptionsThreshold", @@ -61142,6 +61160,40 @@ }, "type": "object" }, + "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig": { + "id": "SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig", + "properties": { + "enforceOnKeyName": { + "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.", + "type": "string" + }, + "enforceOnKeyType": { + "description": "Determines the key to enforce the rate_limit_threshold on. Possible values are: - ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if \"enforceOnKeyConfigs\" is not configured. - IP: The source IP address of the request is the key. Each IP has this limit enforced separately. - HTTP_HEADER: The value of the HTTP header whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL. - XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is configured under \"enforceOnKeyName\". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL. - HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes. - SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session. - REGION_CODE: The country/region from which the request originates. ", + "enum": [ + "ALL", + "HTTP_COOKIE", + "HTTP_HEADER", + "HTTP_PATH", + "IP", + "REGION_CODE", + "SNI", + "XFF_IP" + ], + "enumDescriptions": [ + "", + "", + "", + "", + "", + "", + "", + "" + ], + "type": "string" + } + }, + "type": "object" + }, "SecurityPolicyRuleRateLimitOptionsThreshold": { "id": "SecurityPolicyRuleRateLimitOptionsThreshold", "properties": { diff --git a/compute/v1/compute-gen.go b/compute/v1/compute-gen.go index 1cbfdd5619f..a7f1169032c 100644 --- a/compute/v1/compute-gen.go +++ b/compute/v1/compute-gen.go @@ -3256,6 +3256,13 @@ type AttachedDiskInitializeParams struct { // see the Extreme persistent disk documentation. ProvisionedIops int64 `json:"provisionedIops,omitempty,string"` + // ReplicaZones: Required for each regional disk associated with the + // instance. Specify the URLs of the zones where the disk should be + // replicated to. You must provide exactly two replica zones, and one + // zone must be the same as the instance zone. You can't use this option + // with boot disks. + ReplicaZones []string `json:"replicaZones,omitempty"` + // ResourceManagerTags: Resource manager tags to be bound to the disk. // Tag keys and values have the same definition as resource manager // tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values @@ -12565,6 +12572,10 @@ type ForwardingRule struct { // clients in the same region as the internal load balancer. AllowGlobalAccess bool `json:"allowGlobalAccess,omitempty"` + // AllowPscGlobalAccess: This is used in PSC consumer ForwardingRule to + // control whether the PSC endpoint can be accessed from another region. + AllowPscGlobalAccess bool `json:"allowPscGlobalAccess,omitempty"` + // BackendService: Identifies the backend service to which the // forwarding rule sends traffic. Required for Internal TCP/UDP Load // Balancing and Network Load Balancing; must be omitted for all other @@ -12683,9 +12694,10 @@ type ForwardingRule struct { // Network: This field is not used for external load balancing. For // Internal TCP/UDP Load Balancing, this field identifies the network // that the load balanced IP should belong to for this Forwarding Rule. - // If this field is not specified, the default network will be used. For - // Private Service Connect forwarding rules that forward traffic to - // Google APIs, a network must be provided. + // If the subnetwork is specified, the network of the subnetwork will be + // used. If neither subnetwork nor this field is specified, the default + // network will be used. For Private Service Connect forwarding rules + // that forward traffic to Google APIs, a network must be provided. Network string `json:"network,omitempty"` // NetworkTier: This signifies the networking tier used for configuring @@ -27558,7 +27570,7 @@ type NetworkAttachmentConnectedEndpoint struct { // the IP was assigned. ProjectIdOrNum string `json:"projectIdOrNum,omitempty"` - // SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork + // SecondaryIpCidrRanges: Alias IP ranges from the same subnetwork. SecondaryIpCidrRanges []string `json:"secondaryIpCidrRanges,omitempty"` // Status: The status of a connected endpoint to this network @@ -44644,13 +44656,17 @@ func (s *SecurityPolicyAdaptiveProtectionConfig) MarshalJSON() ([]byte, error) { } // SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig: -// Configuration options for L7 DDoS detection. +// Configuration options for L7 DDoS detection. This field is only +// supported in Global Security Policies of type CLOUD_ARMOR. type SecurityPolicyAdaptiveProtectionConfigLayer7DdosDefenseConfig struct { - // Enable: If set to true, enables CAAP for L7 DDoS detection. + // Enable: If set to true, enables CAAP for L7 DDoS detection. This + // field is only supported in Global Security Policies of type + // CLOUD_ARMOR. Enable bool `json:"enable,omitempty"` // RuleVisibility: Rule visibility can be one of the following: STANDARD - // - opaque rules. (default) PREMIUM - transparent rules. + // - opaque rules. (default) PREMIUM - transparent rules. This field is + // only supported in Global Security Policies of type CLOUD_ARMOR. // // Possible values: // "PREMIUM" @@ -44973,7 +44989,8 @@ type SecurityPolicyRecaptchaOptionsConfig struct { // GOOGLE_RECAPTCHA under the security policy. The specified site key // needs to be created from the reCAPTCHA API. The user is responsible // for the validity of the specified site key. If not specified, a - // Google-managed site key is used. + // Google-managed site key is used. This field is only supported in + // Global Security Policies of type CLOUD_ARMOR. RedirectSiteKey string `json:"redirectSiteKey,omitempty"` // ForceSendFields is a list of field names (e.g. "RedirectSiteKey") to @@ -45041,10 +45058,11 @@ type SecurityPolicyRule struct { // rate_limit_options to be set. - redirect: redirect to a different // target. This can either be an internal reCAPTCHA redirect, or an // external URL-based redirect via a 302 response. Parameters for this - // action can be configured via redirectOptions. - throttle: limit - // client traffic to the configured threshold. Configure parameters for - // this action in rateLimitOptions. Requires rate_limit_options to be - // set for this. + // action can be configured via redirectOptions. This action is only + // supported in Global Security Policies of type CLOUD_ARMOR. - + // throttle: limit client traffic to the configured threshold. Configure + // parameters for this action in rateLimitOptions. Requires + // rate_limit_options to be set for this. Action string `json:"action,omitempty"` // Description: An optional description of this resource. Provide this @@ -45052,7 +45070,8 @@ type SecurityPolicyRule struct { Description string `json:"description,omitempty"` // HeaderAction: Optional, additional actions that are performed on - // headers. + // headers. This field is only supported in Global Security Policies of + // type CLOUD_ARMOR. HeaderAction *SecurityPolicyRuleHttpHeaderAction `json:"headerAction,omitempty"` // Kind: [Output only] Type of the resource. Always @@ -45083,7 +45102,8 @@ type SecurityPolicyRule struct { RateLimitOptions *SecurityPolicyRuleRateLimitOptions `json:"rateLimitOptions,omitempty"` // RedirectOptions: Parameters defining the redirect action. Cannot be - // specified for any other actions. + // specified for any other actions. This field is only supported in + // Global Security Policies of type CLOUD_ARMOR. RedirectOptions *SecurityPolicyRuleRedirectOptions `json:"redirectOptions,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -45183,7 +45203,13 @@ type SecurityPolicyRuleMatcher struct { // Expr: User defined CEVAL expression. A CEVAL expression is used to // specify match criteria such as origin.ip, source.region_code and - // contents in the request header. + // contents in the request header. Expressions containing + // `evaluateThreatIntelligence` require Cloud Armor Managed Protection + // Plus tier and are not supported in Edge Policies nor in Regional + // Policies. Expressions containing + // `evaluatePreconfiguredExpr('sourceiplist-*')` require Cloud Armor + // Managed Protection Plus tier and are only supported in Global + // Security Policies. Expr *Expr `json:"expr,omitempty"` // VersionedExpr: Preconfigured versioned expression. If this field is @@ -45422,6 +45448,13 @@ type SecurityPolicyRuleRateLimitOptions struct { // "XFF_IP" EnforceOnKey string `json:"enforceOnKey,omitempty"` + // EnforceOnKeyConfigs: If specified, any combination of values of + // enforce_on_key_type/enforce_on_key_name is treated as the key on + // which ratelimit threshold/action is enforced. You can specify up to 3 + // enforce_on_key_configs. If enforce_on_key_configs is specified, + // enforce_on_key must not be specified. + EnforceOnKeyConfigs []*SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig `json:"enforceOnKeyConfigs,omitempty"` + // EnforceOnKeyName: Rate limit key name applicable only for the // following key types: HTTP_HEADER -- Name of the HTTP header whose // value is taken as the key value. HTTP_COOKIE -- Name of the HTTP @@ -45433,12 +45466,14 @@ type SecurityPolicyRuleRateLimitOptions struct { // response code, or redirect to a different endpoint. Valid options are // `deny(STATUS)`, where valid values for `STATUS` are 403, 404, 429, // and 502, and `redirect`, where the redirect parameters come from - // `exceedRedirectOptions` below. + // `exceedRedirectOptions` below. The `redirect` action is only + // supported in Global Security Policies of type CLOUD_ARMOR. ExceedAction string `json:"exceedAction,omitempty"` // ExceedRedirectOptions: Parameters defining the redirect action that // is used as the exceed action. Cannot be specified if the exceed - // action is not redirect. + // action is not redirect. This field is only supported in Global + // Security Policies of type CLOUD_ARMOR. ExceedRedirectOptions *SecurityPolicyRuleRedirectOptions `json:"exceedRedirectOptions,omitempty"` // RateLimitThreshold: Threshold at which to begin ratelimiting. @@ -45468,6 +45503,71 @@ func (s *SecurityPolicyRuleRateLimitOptions) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +type SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig struct { + // EnforceOnKeyName: Rate limit key name applicable only for the + // following key types: HTTP_HEADER -- Name of the HTTP header whose + // value is taken as the key value. HTTP_COOKIE -- Name of the HTTP + // cookie whose value is taken as the key value. + EnforceOnKeyName string `json:"enforceOnKeyName,omitempty"` + + // EnforceOnKeyType: Determines the key to enforce the + // rate_limit_threshold on. Possible values are: - ALL: A single rate + // limit threshold is applied to all the requests matching this rule. + // This is the default value if "enforceOnKeyConfigs" is not configured. + // - IP: The source IP address of the request is the key. Each IP has + // this limit enforced separately. - HTTP_HEADER: The value of the HTTP + // header whose name is configured under "enforceOnKeyName". The key + // value is truncated to the first 128 bytes of the header value. If no + // such header is present in the request, the key type defaults to ALL. + // - XFF_IP: The first IP address (i.e. the originating client IP + // address) specified in the list of IPs under X-Forwarded-For HTTP + // header. If no such header is present or the value is not a valid IP, + // the key defaults to the source IP address of the request i.e. key + // type IP. - HTTP_COOKIE: The value of the HTTP cookie whose name is + // configured under "enforceOnKeyName". The key value is truncated to + // the first 128 bytes of the cookie value. If no such cookie is present + // in the request, the key type defaults to ALL. - HTTP_PATH: The URL + // path of the HTTP request. The key value is truncated to the first 128 + // bytes. - SNI: Server name indication in the TLS session of the HTTPS + // request. The key value is truncated to the first 128 bytes. The key + // type defaults to ALL on a HTTP session. - REGION_CODE: The + // country/region from which the request originates. + // + // Possible values: + // "ALL" + // "HTTP_COOKIE" + // "HTTP_HEADER" + // "HTTP_PATH" + // "IP" + // "REGION_CODE" + // "SNI" + // "XFF_IP" + EnforceOnKeyType string `json:"enforceOnKeyType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "EnforceOnKeyName") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "EnforceOnKeyName") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig) MarshalJSON() ([]byte, error) { + type NoMethod SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + type SecurityPolicyRuleRateLimitOptionsThreshold struct { // Count: Number of HTTP(S) requests for calculating the threshold. Count int64 `json:"count,omitempty"` diff --git a/iam/v1/iam-api.json b/iam/v1/iam-api.json index 7d6c6b98d9e..051e44048f2 100644 --- a/iam/v1/iam-api.json +++ b/iam/v1/iam-api.json @@ -2749,7 +2749,7 @@ } } }, - "revision": "20230323", + "revision": "20230406", "rootUrl": "https://iam.googleapis.com/", "schemas": { "AdminAuditData": { @@ -3089,7 +3089,7 @@ "type": "string" }, "keySpec": { - "description": "Immutable. The specifications for the key.", + "description": "Required. The specifications for the key.", "enum": [ "KEY_SPEC_UNSPECIFIED", "RSA_2048", @@ -4221,7 +4221,7 @@ "type": "string" }, "use": { - "description": "Immutable. The purpose of the key.", + "description": "Required. The purpose of the key.", "enum": [ "KEY_USE_UNSPECIFIED", "ENCRYPTION" @@ -4377,7 +4377,7 @@ "type": "string" }, "use": { - "description": "Immutable. The purpose of the key.", + "description": "Required. The purpose of the key.", "enum": [ "KEY_USE_UNSPECIFIED", "ENCRYPTION" diff --git a/iam/v1/iam-gen.go b/iam/v1/iam-gen.go index 37507ad314f..8b5827d98c5 100644 --- a/iam/v1/iam-gen.go +++ b/iam/v1/iam-gen.go @@ -1149,7 +1149,7 @@ type KeyData struct { // by the format field. Key string `json:"key,omitempty"` - // KeySpec: Immutable. The specifications for the key. + // KeySpec: Required. The specifications for the key. // // Possible values: // "KEY_SPEC_UNSPECIFIED" - No key specification specified. @@ -3264,7 +3264,7 @@ type WorkforcePoolProviderKey struct { // soft-deleted key using UndeleteWorkforcePoolProviderKey. State string `json:"state,omitempty"` - // Use: Immutable. The purpose of the key. + // Use: Required. The purpose of the key. // // Possible values: // "KEY_USE_UNSPECIFIED" - KeyUse unspecified. @@ -3525,7 +3525,7 @@ type WorkloadIdentityPoolProviderKey struct { // a key is deleted, you cannot use it during the federation. State string `json:"state,omitempty"` - // Use: Immutable. The purpose of the key. + // Use: Required. The purpose of the key. // // Possible values: // "KEY_USE_UNSPECIFIED" - The key use is not known. diff --git a/managedidentities/v1/managedidentities-api.json b/managedidentities/v1/managedidentities-api.json index 417ee608100..f3b01b98d25 100644 --- a/managedidentities/v1/managedidentities-api.json +++ b/managedidentities/v1/managedidentities-api.json @@ -295,6 +295,34 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, + "domainJoinMachine": { + "description": "DomainJoinMachine API joins a Compute Engine VM to the domain", + "flatPath": "v1/projects/{projectsId}/locations/global/domains/{domainsId}:domainJoinMachine", + "httpMethod": "POST", + "id": "managedidentities.projects.locations.global.domains.domainJoinMachine", + "parameterOrder": [ + "domain" + ], + "parameters": { + "domain": { + "description": "Required. The domain resource name using the form: projects/{project_id}/locations/global/domains/{domain_name}", + "location": "path", + "pattern": "^projects/[^/]+/locations/global/domains/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+domain}:domainJoinMachine", + "request": { + "$ref": "DomainJoinMachineRequest" + }, + "response": { + "$ref": "DomainJoinMachineResponse" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "extendSchema": { "description": "Extend Schema for Domain", "flatPath": "v1/projects/{projectsId}/locations/global/domains/{domainsId}:extendSchema", @@ -1100,7 +1128,7 @@ ] }, "list": { - "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `\"/v1/{name=users/*}/operations\"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.", + "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.", "flatPath": "v1/projects/{projectsId}/locations/global/operations", "httpMethod": "GET", "id": "managedidentities.projects.locations.global.operations.list", @@ -1403,7 +1431,7 @@ } } }, - "revision": "20230227", + "revision": "20230323", "rootUrl": "https://managedidentities.googleapis.com/", "schemas": { "AttachTrustRequest": { @@ -1713,6 +1741,36 @@ }, "type": "object" }, + "DomainJoinMachineRequest": { + "description": "DomainJoinMachineRequest is the request message for DomainJoinMachine method", + "id": "DomainJoinMachineRequest", + "properties": { + "force": { + "description": "Optional. force if True, forces domain join even if the computer account already exists.", + "type": "boolean" + }, + "ouName": { + "description": "Optional. OU name where the VM needs to be domain joined", + "type": "string" + }, + "vmIdToken": { + "description": "Required. Full instance id token of compute engine VM to verify instance identity. More about this: https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature", + "type": "string" + } + }, + "type": "object" + }, + "DomainJoinMachineResponse": { + "description": "DomainJoinMachineResponse is the response message for DomainJoinMachine method", + "id": "DomainJoinMachineResponse", + "properties": { + "domainJoinBlob": { + "description": "Offline domain join blob as the response", + "type": "string" + } + }, + "type": "object" + }, "Empty": { "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }", "id": "Empty", diff --git a/managedidentities/v1/managedidentities-gen.go b/managedidentities/v1/managedidentities-gen.go index 46781e2dae3..de5276cc43c 100644 --- a/managedidentities/v1/managedidentities-gen.go +++ b/managedidentities/v1/managedidentities-gen.go @@ -702,6 +702,78 @@ func (s *Domain) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// DomainJoinMachineRequest: DomainJoinMachineRequest is the request +// message for DomainJoinMachine method +type DomainJoinMachineRequest struct { + // Force: Optional. force if True, forces domain join even if the + // computer account already exists. + Force bool `json:"force,omitempty"` + + // OuName: Optional. OU name where the VM needs to be domain joined + OuName string `json:"ouName,omitempty"` + + // VmIdToken: Required. Full instance id token of compute engine VM to + // verify instance identity. More about this: + // https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature + VmIdToken string `json:"vmIdToken,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Force") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Force") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DomainJoinMachineRequest) MarshalJSON() ([]byte, error) { + type NoMethod DomainJoinMachineRequest + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DomainJoinMachineResponse: DomainJoinMachineResponse is the response +// message for DomainJoinMachine method +type DomainJoinMachineResponse struct { + // DomainJoinBlob: Offline domain join blob as the response + DomainJoinBlob string `json:"domainJoinBlob,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "DomainJoinBlob") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DomainJoinBlob") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *DomainJoinMachineResponse) MarshalJSON() ([]byte, error) { + type NoMethod DomainJoinMachineResponse + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Empty: A generic empty message that you can re-use to avoid defining // duplicated empty messages in your APIs. A typical example is to use // it as the request or the response type of an API method. For @@ -3710,6 +3782,150 @@ func (c *ProjectsLocationsGlobalDomainsDetachTrustCall) Do(opts ...googleapi.Cal } +// method id "managedidentities.projects.locations.global.domains.domainJoinMachine": + +type ProjectsLocationsGlobalDomainsDomainJoinMachineCall struct { + s *Service + domain string + domainjoinmachinerequest *DomainJoinMachineRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// DomainJoinMachine: DomainJoinMachine API joins a Compute Engine VM to +// the domain +// +// - domain: The domain resource name using the form: +// projects/{project_id}/locations/global/domains/{domain_name}. +func (r *ProjectsLocationsGlobalDomainsService) DomainJoinMachine(domain string, domainjoinmachinerequest *DomainJoinMachineRequest) *ProjectsLocationsGlobalDomainsDomainJoinMachineCall { + c := &ProjectsLocationsGlobalDomainsDomainJoinMachineCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.domain = domain + c.domainjoinmachinerequest = domainjoinmachinerequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsGlobalDomainsDomainJoinMachineCall) Fields(s ...googleapi.Field) *ProjectsLocationsGlobalDomainsDomainJoinMachineCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsGlobalDomainsDomainJoinMachineCall) Context(ctx context.Context) *ProjectsLocationsGlobalDomainsDomainJoinMachineCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsGlobalDomainsDomainJoinMachineCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsGlobalDomainsDomainJoinMachineCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/"+internal.Version) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.domainjoinmachinerequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + c.urlParams_.Set("prettyPrint", "false") + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+domain}:domainJoinMachine") + urls += "?" + c.urlParams_.Encode() + req, err := http.NewRequest("POST", urls, body) + if err != nil { + return nil, err + } + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "domain": c.domain, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "managedidentities.projects.locations.global.domains.domainJoinMachine" call. +// Exactly one of *DomainJoinMachineResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *DomainJoinMachineResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsGlobalDomainsDomainJoinMachineCall) Do(opts ...googleapi.CallOption) (*DomainJoinMachineResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, gensupport.WrapError(&googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + }) + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, gensupport.WrapError(err) + } + ret := &DomainJoinMachineResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := gensupport.DecodeResponse(target, res); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "DomainJoinMachine API joins a Compute Engine VM to the domain", + // "flatPath": "v1/projects/{projectsId}/locations/global/domains/{domainsId}:domainJoinMachine", + // "httpMethod": "POST", + // "id": "managedidentities.projects.locations.global.domains.domainJoinMachine", + // "parameterOrder": [ + // "domain" + // ], + // "parameters": { + // "domain": { + // "description": "Required. The domain resource name using the form: projects/{project_id}/locations/global/domains/{domain_name}", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/global/domains/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+domain}:domainJoinMachine", + // "request": { + // "$ref": "DomainJoinMachineRequest" + // }, + // "response": { + // "$ref": "DomainJoinMachineResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + // method id "managedidentities.projects.locations.global.domains.extendSchema": type ProjectsLocationsGlobalDomainsExtendSchemaCall struct { @@ -7848,14 +8064,7 @@ type ProjectsLocationsGlobalOperationsListCall struct { // List: Lists operations that match the specified filter in the // request. If the server doesn't support this method, it returns -// `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to -// override the binding to use different resource name schemes, such as -// `users/*/operations`. To override the binding, API services can add a -// binding such as "/v1/{name=users/*}/operations" to their service -// configuration. For backwards compatibility, the default name includes -// the operations collection id, however overriding users must ensure -// the name binding is the parent resource, without the operations -// collection id. +// `UNIMPLEMENTED`. // // - name: The name of the operation's parent resource. func (r *ProjectsLocationsGlobalOperationsService) List(name string) *ProjectsLocationsGlobalOperationsListCall { @@ -7984,7 +8193,7 @@ func (c *ProjectsLocationsGlobalOperationsListCall) Do(opts ...googleapi.CallOpt } return ret, nil // { - // "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`. NOTE: the `name` binding allows API services to override the binding to use different resource name schemes, such as `users/*/operations`. To override the binding, API services can add a binding such as `\"/v1/{name=users/*}/operations\"` to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.", + // "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.", // "flatPath": "v1/projects/{projectsId}/locations/global/operations", // "httpMethod": "GET", // "id": "managedidentities.projects.locations.global.operations.list", diff --git a/networksecurity/v1beta1/networksecurity-api.json b/networksecurity/v1beta1/networksecurity-api.json index dd04df985f1..b0f6941c9be 100644 --- a/networksecurity/v1beta1/networksecurity-api.json +++ b/networksecurity/v1beta1/networksecurity-api.json @@ -2474,7 +2474,7 @@ } } }, - "revision": "20230316", + "revision": "20230406", "rootUrl": "https://networksecurity.googleapis.com/", "schemas": { "AddAddressGroupItemsRequest": { @@ -3139,6 +3139,13 @@ "nextPageToken": { "description": "If there might be more results than those appearing in this response, then 'next_page_token' is included. To get the next set of results, call this method again using the value of 'next_page_token' as 'page_token'.", "type": "string" + }, + "unreachable": { + "description": "Locations that could not be reached.", + "items": { + "type": "string" + }, + "type": "array" } }, "type": "object" @@ -3157,6 +3164,13 @@ "nextPageToken": { "description": "If there might be more results than those appearing in this response, then 'next_page_token' is included. To get the next set of results, call this method again using the value of 'next_page_token' as 'page_token'.", "type": "string" + }, + "unreachable": { + "description": "Locations that could not be reached.", + "items": { + "type": "string" + }, + "type": "array" } }, "type": "object" @@ -3229,6 +3243,13 @@ "$ref": "TlsInspectionPolicy" }, "type": "array" + }, + "unreachable": { + "description": "Locations that could not be reached.", + "items": { + "type": "string" + }, + "type": "array" } }, "type": "object" @@ -3297,11 +3318,29 @@ "id": "MTLSPolicy", "properties": { "clientValidationCa": { - "description": " Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.", + "description": "Required if the policy is to be used with Traffic Director. For External HTTPS LB it must be empty. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.", "items": { "$ref": "ValidationCA" }, "type": "array" + }, + "clientValidationMode": { + "description": "Specifies whether client connections proceed when a client presents an invalid certificate or no certificate. Required if the policy is to be used with the External HTTPS LB. For Traffic Director it must be empty.", + "enum": [ + "CLIENT_VALIDATION_MODE_UNSPECIFIED", + "ALLOW_INVALID_OR_MISSING_CLIENT_CERT", + "REJECT_INVALID" + ], + "enumDescriptions": [ + "Not allowed.", + "Allow connection even if certificate chain validation of the client certificate failed or no client certificate was presented. The proof of possession of the private key is always checked if client certificate was presented. This mode requires the backend to implement processing of data extracted from a client certificate to authenticate the peer, or to reject connections if the client certificate fingerprint is missing.", + "Require a client certificate and allow connection to the backend only if validation of the client certificate passed. If set, requires a reference to non-empty TrustConfig specified in `client_validation_trust_config`." + ], + "type": "string" + }, + "clientValidationTrustConfig": { + "description": "Reference to the TrustConfig from certificatemanager.googleapis.com namespace. If specified, the chain validation will be performed against certificates configured in the given TrustConfig. Allowed only if the policy is to be used with External HTTPS LB.", + "type": "string" } }, "type": "object" @@ -3425,11 +3464,11 @@ "type": "object" }, "ServerTlsPolicy": { - "description": "ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.", + "description": "ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource. ServerTlsPolicy in the form accepted by External HTTPS Load Balancer can be attached only to TargetHttpsProxy with an `EXTERNAL` or `EXTERNAL_MANAGED` load balancing scheme. Traffic Director compatible ServerTlsPolicies can be attached to EndpointPolicy and TargetHttpsProxy with Traffic Director `INTERNAL_SELF_MANAGED` load balancing scheme.", "id": "ServerTlsPolicy", "properties": { "allowOpen": { - "description": " Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.", + "description": "Can be enabled only for Traffic Director policies, must be false for External HTTPS LB policies. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility. Consider using it if you wish to upgrade in place your deployment to TLS while having mixed TLS and non-TLS traffic reaching port :80.", "type": "boolean" }, "createTime": { @@ -3451,7 +3490,7 @@ }, "mtlsPolicy": { "$ref": "MTLSPolicy", - "description": " Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections." + "description": "Required if policy is to be used with the External HTTPS LB, for Traffic Director allowed to be empty. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If `allow_open` and `mtls_policy` are set, server allows both plain text and mTLS connections." }, "name": { "description": "Required. Name of the ServerTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/serverTlsPolicies/{server_tls_policy}`", @@ -3459,7 +3498,7 @@ }, "serverCertificate": { "$ref": "GoogleCloudNetworksecurityV1beta1CertificateProvider", - "description": " Defines a mechanism to provision server identity (public and private keys). Cannot be combined with `allow_open` as a permissive mode that allows both plain text and TLS is not supported." + "description": "Optional if policy is to be used with Traffic Director, for External HTTPS LB must be empty. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with `allow_open` as a permissive mode that allows both plain text and TLS is not supported." }, "updateTime": { "description": "Output only. The timestamp when the resource was updated.", diff --git a/networksecurity/v1beta1/networksecurity-gen.go b/networksecurity/v1beta1/networksecurity-gen.go index a9376187538..bccd2ca3d7e 100644 --- a/networksecurity/v1beta1/networksecurity-gen.go +++ b/networksecurity/v1beta1/networksecurity-gen.go @@ -1593,6 +1593,9 @@ type ListGatewaySecurityPoliciesResponse struct { // 'next_page_token' as 'page_token'. NextPageToken string `json:"nextPageToken,omitempty"` + // Unreachable: Locations that could not be reached. + Unreachable []string `json:"unreachable,omitempty"` + // ServerResponse contains the HTTP response code and headers from the // server. googleapi.ServerResponse `json:"-"` @@ -1635,6 +1638,9 @@ type ListGatewaySecurityPolicyRulesResponse struct { // 'next_page_token' as 'page_token'. NextPageToken string `json:"nextPageToken,omitempty"` + // Unreachable: Locations that could not be reached. + Unreachable []string `json:"unreachable,omitempty"` + // ServerResponse contains the HTTP response code and headers from the // server. googleapi.ServerResponse `json:"-"` @@ -1789,6 +1795,9 @@ type ListTlsInspectionPoliciesResponse struct { // TlsInspectionPolicies: List of TlsInspectionPolicies resources. TlsInspectionPolicies []*TlsInspectionPolicy `json:"tlsInspectionPolicies,omitempty"` + // Unreachable: Locations that could not be reached. + Unreachable []string `json:"unreachable,omitempty"` + // ServerResponse contains the HTTP response code and headers from the // server. googleapi.ServerResponse `json:"-"` @@ -1909,10 +1918,39 @@ func (s *Location) MarshalJSON() ([]byte, error) { // MTLSPolicy: Specification of the MTLSPolicy. type MTLSPolicy struct { - // ClientValidationCa: Defines the mechanism to obtain the Certificate - // Authority certificate to validate the client certificate. + // ClientValidationCa: Required if the policy is to be used with Traffic + // Director. For External HTTPS LB it must be empty. Defines the + // mechanism to obtain the Certificate Authority certificate to validate + // the client certificate. ClientValidationCa []*ValidationCA `json:"clientValidationCa,omitempty"` + // ClientValidationMode: Specifies whether client connections proceed + // when a client presents an invalid certificate or no certificate. + // Required if the policy is to be used with the External HTTPS LB. For + // Traffic Director it must be empty. + // + // Possible values: + // "CLIENT_VALIDATION_MODE_UNSPECIFIED" - Not allowed. + // "ALLOW_INVALID_OR_MISSING_CLIENT_CERT" - Allow connection even if + // certificate chain validation of the client certificate failed or no + // client certificate was presented. The proof of possession of the + // private key is always checked if client certificate was presented. + // This mode requires the backend to implement processing of data + // extracted from a client certificate to authenticate the peer, or to + // reject connections if the client certificate fingerprint is missing. + // "REJECT_INVALID" - Require a client certificate and allow + // connection to the backend only if validation of the client + // certificate passed. If set, requires a reference to non-empty + // TrustConfig specified in `client_validation_trust_config`. + ClientValidationMode string `json:"clientValidationMode,omitempty"` + + // ClientValidationTrustConfig: Reference to the TrustConfig from + // certificatemanager.googleapis.com namespace. If specified, the chain + // validation will be performed against certificates configured in the + // given TrustConfig. Allowed only if the policy is to be used with + // External HTTPS LB. + ClientValidationTrustConfig string `json:"clientValidationTrustConfig,omitempty"` + // ForceSendFields is a list of field names (e.g. "ClientValidationCa") // to unconditionally include in API requests. By default, fields with // empty or default values are omitted from API requests. However, any @@ -2135,16 +2173,23 @@ func (s *Rule) MarshalJSON() ([]byte, error) { // ServerTlsPolicy: ServerTlsPolicy is a resource that specifies how a // server should authenticate incoming requests. This resource itself // does not affect configuration unless it is attached to a target HTTPS -// proxy or endpoint config selector resource. +// proxy or endpoint config selector resource. ServerTlsPolicy in the +// form accepted by External HTTPS Load Balancer can be attached only to +// TargetHttpsProxy with an `EXTERNAL` or `EXTERNAL_MANAGED` load +// balancing scheme. Traffic Director compatible ServerTlsPolicies can +// be attached to EndpointPolicy and TargetHttpsProxy with Traffic +// Director `INTERNAL_SELF_MANAGED` load balancing scheme. type ServerTlsPolicy struct { - // AllowOpen: Determines if server allows plaintext connections. If set - // to true, server allows plain text connections. By default, it is set - // to false. This setting is not exclusive of other encryption modes. - // For example, if `allow_open` and `mtls_policy` are set, server allows - // both plain text and mTLS connections. See documentation of other - // encryption modes to confirm compatibility. Consider using it if you - // wish to upgrade in place your deployment to TLS while having mixed - // TLS and non-TLS traffic reaching port :80. + // AllowOpen: Can be enabled only for Traffic Director policies, must be + // false for External HTTPS LB policies. Determines if server allows + // plaintext connections. If set to true, server allows plain text + // connections. By default, it is set to false. This setting is not + // exclusive of other encryption modes. For example, if `allow_open` and + // `mtls_policy` are set, server allows both plain text and mTLS + // connections. See documentation of other encryption modes to confirm + // compatibility. Consider using it if you wish to upgrade in place your + // deployment to TLS while having mixed TLS and non-TLS traffic reaching + // port :80. AllowOpen bool `json:"allowOpen,omitempty"` // CreateTime: Output only. The timestamp when the resource was created. @@ -2156,12 +2201,13 @@ type ServerTlsPolicy struct { // Labels: Set of label tags associated with the resource. Labels map[string]string `json:"labels,omitempty"` - // MtlsPolicy: Defines a mechanism to provision peer validation - // certificates for peer to peer authentication (Mutual TLS - mTLS). If - // not specified, client certificate will not be requested. The - // connection is treated as TLS and not mTLS. If `allow_open` and - // `mtls_policy` are set, server allows both plain text and mTLS - // connections. + // MtlsPolicy: Required if policy is to be used with the External HTTPS + // LB, for Traffic Director allowed to be empty. Defines a mechanism to + // provision peer validation certificates for peer to peer + // authentication (Mutual TLS - mTLS). If not specified, client + // certificate will not be requested. The connection is treated as TLS + // and not mTLS. If `allow_open` and `mtls_policy` are set, server + // allows both plain text and mTLS connections. MtlsPolicy *MTLSPolicy `json:"mtlsPolicy,omitempty"` // Name: Required. Name of the ServerTlsPolicy resource. It matches the @@ -2170,9 +2216,11 @@ type ServerTlsPolicy struct { // ` Name string `json:"name,omitempty"` - // ServerCertificate: Defines a mechanism to provision server identity - // (public and private keys). Cannot be combined with `allow_open` as a - // permissive mode that allows both plain text and TLS is not supported. + // ServerCertificate: Optional if policy is to be used with Traffic + // Director, for External HTTPS LB must be empty. Defines a mechanism to + // provision server identity (public and private keys). Cannot be + // combined with `allow_open` as a permissive mode that allows both + // plain text and TLS is not supported. ServerCertificate *GoogleCloudNetworksecurityV1beta1CertificateProvider `json:"serverCertificate,omitempty"` // UpdateTime: Output only. The timestamp when the resource was updated. diff --git a/serviceconsumermanagement/v1/serviceconsumermanagement-api.json b/serviceconsumermanagement/v1/serviceconsumermanagement-api.json index 8ae91950358..6eb36ad5998 100644 --- a/serviceconsumermanagement/v1/serviceconsumermanagement-api.json +++ b/serviceconsumermanagement/v1/serviceconsumermanagement-api.json @@ -542,7 +542,7 @@ } } }, - "revision": "20230405", + "revision": "20230412", "rootUrl": "https://serviceconsumermanagement.googleapis.com/", "schemas": { "AddTenantProjectRequest": { @@ -2224,14 +2224,16 @@ "CLOUD", "ADS", "PHOTOS", - "STREET_VIEW" + "STREET_VIEW", + "SHOPPING" ], "enumDescriptions": [ "Not useful.", "Google Cloud Platform Org.", "Ads (Advertising) Org.", "Photos Org.", - "Street View Org." + "Street View Org.", + "Shopping Org." ], "type": "string" }, diff --git a/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go b/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go index 8d8663193a2..5195abca049 100644 --- a/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go +++ b/serviceconsumermanagement/v1/serviceconsumermanagement-gen.go @@ -3429,6 +3429,7 @@ type Publishing struct { // "ADS" - Ads (Advertising) Org. // "PHOTOS" - Photos Org. // "STREET_VIEW" - Street View Org. + // "SHOPPING" - Shopping Org. Organization string `json:"organization,omitempty"` // ProtoReferenceDocumentationUri: Optional link to proto reference diff --git a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json index 44fe93e7d4d..db78e306cda 100644 --- a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json +++ b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-api.json @@ -500,7 +500,7 @@ } } }, - "revision": "20230405", + "revision": "20230412", "rootUrl": "https://serviceconsumermanagement.googleapis.com/", "schemas": { "Api": { @@ -2040,14 +2040,16 @@ "CLOUD", "ADS", "PHOTOS", - "STREET_VIEW" + "STREET_VIEW", + "SHOPPING" ], "enumDescriptions": [ "Not useful.", "Google Cloud Platform Org.", "Ads (Advertising) Org.", "Photos Org.", - "Street View Org." + "Street View Org.", + "Shopping Org." ], "type": "string" }, diff --git a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go index 67b63b17b28..ab64639c052 100644 --- a/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go +++ b/serviceconsumermanagement/v1beta1/serviceconsumermanagement-gen.go @@ -3133,6 +3133,7 @@ type Publishing struct { // "ADS" - Ads (Advertising) Org. // "PHOTOS" - Photos Org. // "STREET_VIEW" - Street View Org. + // "SHOPPING" - Shopping Org. Organization string `json:"organization,omitempty"` // ProtoReferenceDocumentationUri: Optional link to proto reference diff --git a/serviceusage/v1/serviceusage-api.json b/serviceusage/v1/serviceusage-api.json index 06b381c2a82..a29611fc0c2 100644 --- a/serviceusage/v1/serviceusage-api.json +++ b/serviceusage/v1/serviceusage-api.json @@ -426,7 +426,7 @@ } } }, - "revision": "20230409", + "revision": "20230412", "rootUrl": "https://serviceusage.googleapis.com/", "schemas": { "AdminQuotaPolicy": { @@ -2667,14 +2667,16 @@ "CLOUD", "ADS", "PHOTOS", - "STREET_VIEW" + "STREET_VIEW", + "SHOPPING" ], "enumDescriptions": [ "Not useful.", "Google Cloud Platform Org.", "Ads (Advertising) Org.", "Photos Org.", - "Street View Org." + "Street View Org.", + "Shopping Org." ], "type": "string" }, diff --git a/serviceusage/v1/serviceusage-gen.go b/serviceusage/v1/serviceusage-gen.go index 45e5a42811a..2e5ea7e2f24 100644 --- a/serviceusage/v1/serviceusage-gen.go +++ b/serviceusage/v1/serviceusage-gen.go @@ -4243,6 +4243,7 @@ type Publishing struct { // "ADS" - Ads (Advertising) Org. // "PHOTOS" - Photos Org. // "STREET_VIEW" - Street View Org. + // "SHOPPING" - Shopping Org. Organization string `json:"organization,omitempty"` // ProtoReferenceDocumentationUri: Optional link to proto reference diff --git a/serviceusage/v1beta1/serviceusage-api.json b/serviceusage/v1beta1/serviceusage-api.json index 017af3cb7a4..13c699a153d 100644 --- a/serviceusage/v1beta1/serviceusage-api.json +++ b/serviceusage/v1beta1/serviceusage-api.json @@ -959,7 +959,7 @@ } } }, - "revision": "20230409", + "revision": "20230412", "rootUrl": "https://serviceusage.googleapis.com/", "schemas": { "AdminQuotaPolicy": { @@ -3371,14 +3371,16 @@ "CLOUD", "ADS", "PHOTOS", - "STREET_VIEW" + "STREET_VIEW", + "SHOPPING" ], "enumDescriptions": [ "Not useful.", "Google Cloud Platform Org.", "Ads (Advertising) Org.", "Photos Org.", - "Street View Org." + "Street View Org.", + "Shopping Org." ], "type": "string" }, diff --git a/serviceusage/v1beta1/serviceusage-gen.go b/serviceusage/v1beta1/serviceusage-gen.go index 694caacec20..7877a1a85a7 100644 --- a/serviceusage/v1beta1/serviceusage-gen.go +++ b/serviceusage/v1beta1/serviceusage-gen.go @@ -4573,6 +4573,7 @@ type Publishing struct { // "ADS" - Ads (Advertising) Org. // "PHOTOS" - Photos Org. // "STREET_VIEW" - Street View Org. + // "SHOPPING" - Shopping Org. Organization string `json:"organization,omitempty"` // ProtoReferenceDocumentationUri: Optional link to proto reference diff --git a/sqladmin/v1/sqladmin-api.json b/sqladmin/v1/sqladmin-api.json index a87782715a0..9c5c788090f 100644 --- a/sqladmin/v1/sqladmin-api.json +++ b/sqladmin/v1/sqladmin-api.json @@ -2023,7 +2023,7 @@ } } }, - "revision": "20230403", + "revision": "20230405", "rootUrl": "https://sqladmin.googleapis.com/", "schemas": { "AclEntry": { @@ -2428,6 +2428,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -2458,6 +2462,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", @@ -2619,6 +2627,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -2649,6 +2661,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", @@ -3155,6 +3171,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -3185,6 +3205,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", diff --git a/sqladmin/v1/sqladmin-gen.go b/sqladmin/v1/sqladmin-gen.go index f66444b0009..3413cd374ed 100644 --- a/sqladmin/v1/sqladmin-gen.go +++ b/sqladmin/v1/sqladmin-gen.go @@ -840,6 +840,14 @@ type ConnectSettings struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server @@ -1068,6 +1076,14 @@ type DatabaseInstance struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server @@ -1886,6 +1902,14 @@ type Flag struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server diff --git a/sqladmin/v1beta4/sqladmin-api.json b/sqladmin/v1beta4/sqladmin-api.json index e475a0deef9..a6399f5ec0d 100644 --- a/sqladmin/v1beta4/sqladmin-api.json +++ b/sqladmin/v1beta4/sqladmin-api.json @@ -2023,7 +2023,7 @@ } } }, - "revision": "20230403", + "revision": "20230405", "rootUrl": "https://sqladmin.googleapis.com/", "schemas": { "AclEntry": { @@ -2428,6 +2428,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -2458,6 +2462,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", @@ -2619,6 +2627,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -2649,6 +2661,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", @@ -3155,6 +3171,10 @@ "MYSQL_8_0_30", "MYSQL_8_0_31", "MYSQL_8_0_32", + "MYSQL_8_0_33", + "MYSQL_8_0_34", + "MYSQL_8_0_35", + "MYSQL_8_0_36", "SQLSERVER_2019_STANDARD", "SQLSERVER_2019_ENTERPRISE", "SQLSERVER_2019_EXPRESS", @@ -3185,6 +3205,10 @@ "The database major version is MySQL 8.0 and the minor version is 30.", "The database major version is MySQL 8.0 and the minor version is 31.", "The database major version is MySQL 8.0 and the minor version is 32.", + "The database major version is MySQL 8.0 and the minor version is 33.", + "The database major version is MySQL 8.0 and the minor version is 34.", + "The database major version is MySQL 8.0 and the minor version is 35.", + "The database major version is MySQL 8.0 and the minor version is 36.", "The database version is SQL Server 2019 Standard.", "The database version is SQL Server 2019 Enterprise.", "The database version is SQL Server 2019 Express.", diff --git a/sqladmin/v1beta4/sqladmin-gen.go b/sqladmin/v1beta4/sqladmin-gen.go index cf48447471b..e03d5fdefbc 100644 --- a/sqladmin/v1beta4/sqladmin-gen.go +++ b/sqladmin/v1beta4/sqladmin-gen.go @@ -840,6 +840,14 @@ type ConnectSettings struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server @@ -1067,6 +1075,14 @@ type DatabaseInstance struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server @@ -1885,6 +1901,14 @@ type Flag struct { // minor version is 31. // "MYSQL_8_0_32" - The database major version is MySQL 8.0 and the // minor version is 32. + // "MYSQL_8_0_33" - The database major version is MySQL 8.0 and the + // minor version is 33. + // "MYSQL_8_0_34" - The database major version is MySQL 8.0 and the + // minor version is 34. + // "MYSQL_8_0_35" - The database major version is MySQL 8.0 and the + // minor version is 35. + // "MYSQL_8_0_36" - The database major version is MySQL 8.0 and the + // minor version is 36. // "SQLSERVER_2019_STANDARD" - The database version is SQL Server 2019 // Standard. // "SQLSERVER_2019_ENTERPRISE" - The database version is SQL Server diff --git a/testing/v1/testing-api.json b/testing/v1/testing-api.json index e8538157339..a116723ad72 100644 --- a/testing/v1/testing-api.json +++ b/testing/v1/testing-api.json @@ -282,7 +282,7 @@ } } }, - "revision": "20230404", + "revision": "20230411", "rootUrl": "https://testing.googleapis.com/", "schemas": { "Account": { @@ -2112,7 +2112,7 @@ }, "systrace": { "$ref": "SystraceSetup", - "description": "Deprecated: Systrace uses Python 2 which has been sunset 2020-01-01. Support of Systrace may stop at any time, at which point no Systrace file will be provided in the results. Systrace configuration for the run. If set a systrace will be taken, starting on test start and lasting for the configured duration. The systrace file thus obtained is put in the results bucket together with the other artifacts from the run." + "description": "Systrace configuration for the run. Deprecated: Systrace used Python 2 which was sunsetted on 2020-01-01. Systrace is no longer supported in the Cloud Testing API, and no Systrace file will be provided in the results." } }, "type": "object" diff --git a/testing/v1/testing-gen.go b/testing/v1/testing-gen.go index 1b6443a7636..203a3148a4b 100644 --- a/testing/v1/testing-gen.go +++ b/testing/v1/testing-gen.go @@ -3075,13 +3075,10 @@ type TestSetup struct { // TestEnvironmentDiscoveryService.GetTestEnvironmentCatalog. NetworkProfile string `json:"networkProfile,omitempty"` - // Systrace: Deprecated: Systrace uses Python 2 which has been sunset - // 2020-01-01. Support of Systrace may stop at any time, at which point - // no Systrace file will be provided in the results. Systrace - // configuration for the run. If set a systrace will be taken, starting - // on test start and lasting for the configured duration. The systrace - // file thus obtained is put in the results bucket together with the - // other artifacts from the run. + // Systrace: Systrace configuration for the run. Deprecated: Systrace + // used Python 2 which was sunsetted on 2020-01-01. Systrace is no + // longer supported in the Cloud Testing API, and no Systrace file will + // be provided in the results. Systrace *SystraceSetup `json:"systrace,omitempty"` // ForceSendFields is a list of field names (e.g. "Account") to diff --git a/vision/v1/vision-api.json b/vision/v1/vision-api.json index 376264af6ba..cfeaf4fec5b 100644 --- a/vision/v1/vision-api.json +++ b/vision/v1/vision-api.json @@ -1282,7 +1282,7 @@ } } }, - "revision": "20230303", + "revision": "20230407", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AddProductToProductSetRequest": { @@ -9148,7 +9148,7 @@ "id": "TextDetectionParams", "properties": { "advancedOcrOptions": { - "description": "A list of advanced OCR options to fine-tune OCR behavior.", + "description": "A list of advanced OCR options to further fine-tune OCR behavior. Current valid values are: - `legacy_layout`: a heuristics layout detection algorithm, which serves as an alternative to the current ML-based layout detection algorithm. Customers can choose the best suitable layout algorithm based on their situation.", "items": { "type": "string" }, diff --git a/vision/v1/vision-gen.go b/vision/v1/vision-gen.go index 4c4b70ee9ac..3839cdc61f5 100644 --- a/vision/v1/vision-gen.go +++ b/vision/v1/vision-gen.go @@ -13516,8 +13516,12 @@ func (s *TextAnnotation) MarshalJSON() ([]byte, error) { // TextDetectionParams: Parameters for text detections. This is used to // control TEXT_DETECTION and DOCUMENT_TEXT_DETECTION features. type TextDetectionParams struct { - // AdvancedOcrOptions: A list of advanced OCR options to fine-tune OCR - // behavior. + // AdvancedOcrOptions: A list of advanced OCR options to further + // fine-tune OCR behavior. Current valid values are: - `legacy_layout`: + // a heuristics layout detection algorithm, which serves as an + // alternative to the current ML-based layout detection algorithm. + // Customers can choose the best suitable layout algorithm based on + // their situation. AdvancedOcrOptions []string `json:"advancedOcrOptions,omitempty"` // EnableTextDetectionConfidenceScore: By default, Cloud Vision API only diff --git a/vision/v1p1beta1/vision-api.json b/vision/v1p1beta1/vision-api.json index 764e0c80d43..e731acee495 100644 --- a/vision/v1p1beta1/vision-api.json +++ b/vision/v1p1beta1/vision-api.json @@ -449,7 +449,7 @@ } } }, - "revision": "20220926", + "revision": "20230407", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AnnotateFileResponse": { @@ -2711,7 +2711,7 @@ "id": "GoogleCloudVisionV1p1beta1TextDetectionParams", "properties": { "advancedOcrOptions": { - "description": "A list of advanced OCR options to fine-tune OCR behavior.", + "description": "A list of advanced OCR options to further fine-tune OCR behavior. Current valid values are: - `legacy_layout`: a heuristics layout detection algorithm, which serves as an alternative to the current ML-based layout detection algorithm. Customers can choose the best suitable layout algorithm based on their situation.", "items": { "type": "string" }, diff --git a/vision/v1p1beta1/vision-gen.go b/vision/v1p1beta1/vision-gen.go index c3646d55427..7e7a530dba5 100644 --- a/vision/v1p1beta1/vision-gen.go +++ b/vision/v1p1beta1/vision-gen.go @@ -3982,8 +3982,12 @@ func (s *GoogleCloudVisionV1p1beta1TextAnnotationTextProperty) MarshalJSON() ([] // detections. This is used to control TEXT_DETECTION and // DOCUMENT_TEXT_DETECTION features. type GoogleCloudVisionV1p1beta1TextDetectionParams struct { - // AdvancedOcrOptions: A list of advanced OCR options to fine-tune OCR - // behavior. + // AdvancedOcrOptions: A list of advanced OCR options to further + // fine-tune OCR behavior. Current valid values are: - `legacy_layout`: + // a heuristics layout detection algorithm, which serves as an + // alternative to the current ML-based layout detection algorithm. + // Customers can choose the best suitable layout algorithm based on + // their situation. AdvancedOcrOptions []string `json:"advancedOcrOptions,omitempty"` // EnableTextDetectionConfidenceScore: By default, Cloud Vision API only diff --git a/vision/v1p2beta1/vision-api.json b/vision/v1p2beta1/vision-api.json index 55ea4d28b88..9241d7448bf 100644 --- a/vision/v1p2beta1/vision-api.json +++ b/vision/v1p2beta1/vision-api.json @@ -449,7 +449,7 @@ } } }, - "revision": "20220926", + "revision": "20230407", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AnnotateFileResponse": { @@ -4124,7 +4124,7 @@ "id": "GoogleCloudVisionV1p2beta1TextDetectionParams", "properties": { "advancedOcrOptions": { - "description": "A list of advanced OCR options to fine-tune OCR behavior.", + "description": "A list of advanced OCR options to further fine-tune OCR behavior. Current valid values are: - `legacy_layout`: a heuristics layout detection algorithm, which serves as an alternative to the current ML-based layout detection algorithm. Customers can choose the best suitable layout algorithm based on their situation.", "items": { "type": "string" }, diff --git a/vision/v1p2beta1/vision-gen.go b/vision/v1p2beta1/vision-gen.go index c6f1080d827..d1331550f88 100644 --- a/vision/v1p2beta1/vision-gen.go +++ b/vision/v1p2beta1/vision-gen.go @@ -6282,8 +6282,12 @@ func (s *GoogleCloudVisionV1p2beta1TextAnnotationTextProperty) MarshalJSON() ([] // detections. This is used to control TEXT_DETECTION and // DOCUMENT_TEXT_DETECTION features. type GoogleCloudVisionV1p2beta1TextDetectionParams struct { - // AdvancedOcrOptions: A list of advanced OCR options to fine-tune OCR - // behavior. + // AdvancedOcrOptions: A list of advanced OCR options to further + // fine-tune OCR behavior. Current valid values are: - `legacy_layout`: + // a heuristics layout detection algorithm, which serves as an + // alternative to the current ML-based layout detection algorithm. + // Customers can choose the best suitable layout algorithm based on + // their situation. AdvancedOcrOptions []string `json:"advancedOcrOptions,omitempty"` // EnableTextDetectionConfidenceScore: By default, Cloud Vision API only diff --git a/workstations/v1beta/workstations-api.json b/workstations/v1beta/workstations-api.json index ad740c8ef7a..f559502c895 100644 --- a/workstations/v1beta/workstations-api.json +++ b/workstations/v1beta/workstations-api.json @@ -1127,7 +1127,7 @@ } } }, - "revision": "20230327", + "revision": "20230405", "rootUrl": "https://workstations.googleapis.com/", "schemas": { "AuditConfig": { @@ -1252,11 +1252,11 @@ "id": "CustomerEncryptionKey", "properties": { "kmsKey": { - "description": "The name of the Google Cloud KMS encryption key. For example, `projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME`.", + "description": "Immutable. The name of the Google Cloud KMS encryption key. For example, `projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME`.", "type": "string" }, "kmsKeyServiceAccount": { - "description": "The service account to use with the specified KMS key. We recommend that you use a separate service account and follow KMS best practices. For more information, see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties) and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).", + "description": "Immutable. The service account to use with the specified KMS key. We recommend that you use a separate service account and follow KMS best practices. For more information, see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties) and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member).", "type": "string" } }, @@ -1871,6 +1871,13 @@ "description": "Human-readable name for this resource.", "type": "string" }, + "env": { + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables passed to the workstation container.", + "type": "object" + }, "etag": { "description": "Checksum computed by the server. May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding.", "type": "string" @@ -1948,6 +1955,11 @@ "readOnly": true, "type": "array" }, + "controlPlaneIp": { + "description": "Output only. The private IP address of the control plane for this cluster. Workstation VMs need access to this IP address to work with the service, so please ensure your firewall rules allow egress from the Workstation VMs to this address.", + "readOnly": true, + "type": "string" + }, "createTime": { "description": "Output only. Time when this resource was created.", "format": "google-datetime", @@ -2059,9 +2071,13 @@ "description": "Human-readable name for this resource.", "type": "string" }, + "enableAuditAgent": { + "description": "Whether to enable linux auditd logging on the workstation. When enabled, a service account must also be specified that has logging.buckets.write permission on the project. Operating system audit logging is distinct from [Cloud Audit Logs](https://cloud.google.com/workstations/docs/audit-logging).", + "type": "boolean" + }, "encryptionKey": { "$ref": "CustomerEncryptionKey", - "description": "Encrypts resources of this workstation configuration using a customer-managed encryption key. If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours." + "description": "Immutable. Encrypts resources of this workstation configuration using a customer-managed encryption key. If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. Immutable after workstation config is created." }, "etag": { "description": "Checksum computed by the server. May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding.", diff --git a/workstations/v1beta/workstations-gen.go b/workstations/v1beta/workstations-gen.go index e6956333cdb..600058bc7eb 100644 --- a/workstations/v1beta/workstations-gen.go +++ b/workstations/v1beta/workstations-gen.go @@ -436,16 +436,18 @@ func (s *Container) MarshalJSON() ([]byte, error) { // CustomerEncryptionKey: A customer-managed encryption key for the // Compute Engine resources of this workstation configuration. type CustomerEncryptionKey struct { - // KmsKey: The name of the Google Cloud KMS encryption key. For example, + // KmsKey: Immutable. The name of the Google Cloud KMS encryption key. + // For example, // `projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY // _NAME`. KmsKey string `json:"kmsKey,omitempty"` - // KmsKeyServiceAccount: The service account to use with the specified - // KMS key. We recommend that you use a separate service account and - // follow KMS best practices. For more information, see Separation of - // duties (https://cloud.google.com/kms/docs/separation-of-duties) and - // `gcloud kms keys add-iam-policy-binding` `--member` + // KmsKeyServiceAccount: Immutable. The service account to use with the + // specified KMS key. We recommend that you use a separate service + // account and follow KMS best practices. For more information, see + // Separation of duties + // (https://cloud.google.com/kms/docs/separation-of-duties) and `gcloud + // kms keys add-iam-policy-binding` `--member` // (https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member). KmsKeyServiceAccount string `json:"kmsKeyServiceAccount,omitempty"` @@ -1595,6 +1597,9 @@ type Workstation struct { // DisplayName: Human-readable name for this resource. DisplayName string `json:"displayName,omitempty"` + // Env: Environment variables passed to the workstation container. + Env map[string]string `json:"env,omitempty"` + // Etag: Checksum computed by the server. May be sent on update and // delete requests to ensure that the client has an up-to-date value // before proceeding. @@ -1676,6 +1681,12 @@ type WorkstationCluster struct { // resource state. Conditions []*Status `json:"conditions,omitempty"` + // ControlPlaneIp: Output only. The private IP address of the control + // plane for this cluster. Workstation VMs need access to this IP + // address to work with the service, so please ensure your firewall + // rules allow egress from the Workstation VMs to this address. + ControlPlaneIp string `json:"controlPlaneIp,omitempty"` + // CreateTime: Output only. Time when this resource was created. CreateTime string `json:"createTime,omitempty"` @@ -1782,18 +1793,26 @@ type WorkstationConfig struct { // DisplayName: Human-readable name for this resource. DisplayName string `json:"displayName,omitempty"` - // EncryptionKey: Encrypts resources of this workstation configuration - // using a customer-managed encryption key. If specified, the boot disk - // of the Compute Engine instance and the persistent disk are encrypted - // using this encryption key. If this field is not set, the disks are - // encrypted using a generated key. Customer-managed encryption keys do - // not protect disk metadata. If the customer-managed encryption key is - // rotated, when the workstation instance is stopped, the system - // attempts to recreate the persistent disk with the new version of the - // key. Be sure to keep older versions of the key until the persistent - // disk is recreated. Otherwise, data on the persistent disk will be - // lost. If the encryption key is revoked, the workstation session will - // automatically be stopped within 7 hours. + // EnableAuditAgent: Whether to enable linux auditd logging on the + // workstation. When enabled, a service account must also be specified + // that has logging.buckets.write permission on the project. Operating + // system audit logging is distinct from Cloud Audit Logs + // (https://cloud.google.com/workstations/docs/audit-logging). + EnableAuditAgent bool `json:"enableAuditAgent,omitempty"` + + // EncryptionKey: Immutable. Encrypts resources of this workstation + // configuration using a customer-managed encryption key. If specified, + // the boot disk of the Compute Engine instance and the persistent disk + // are encrypted using this encryption key. If this field is not set, + // the disks are encrypted using a generated key. Customer-managed + // encryption keys do not protect disk metadata. If the customer-managed + // encryption key is rotated, when the workstation instance is stopped, + // the system attempts to recreate the persistent disk with the new + // version of the key. Be sure to keep older versions of the key until + // the persistent disk is recreated. Otherwise, data on the persistent + // disk will be lost. If the encryption key is revoked, the workstation + // session will automatically be stopped within 7 hours. Immutable after + // workstation config is created. EncryptionKey *CustomerEncryptionKey `json:"encryptionKey,omitempty"` // Etag: Checksum computed by the server. May be sent on update and