feat: add fields related to Google services to API

PiperOrigin-RevId: 555584241
googleapis · Aug 10, 2023 · 2d1ca1b · 2d1ca1b
1 parent b691174
commit 2d1ca1b
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/google/cloud/networkmanagement/v1/trace.proto b/google/cloud/networkmanagement/v1/trace.proto
@@ -68,6 +68,12 @@ message Step {
     // The endpoint information is populated.
     START_FROM_INTERNET = 2;
 
+    // Initial state: packet originating from a Google service. Some Google
+    // services, such as health check probers or Identity Aware Proxy use
+    // special routes, outside VPC routing configuration to reach Compute Engine
+    // Instances.
+    START_FROM_GOOGLE_SERVICE = 27;
+
     // Initial state: packet originating from a VPC or on-premises network
     // with internal source IP.
     // If the source is a VPC network visible to the user, a NetworkInfo
@@ -186,6 +192,9 @@ message Step {
     // or Connection Proxy.
     EndpointInfo endpoint = 8;
 
+    // Display information of a Google service
+    GoogleServiceInfo google_service = 24;
+
     // Display information of a Compute Engine forwarding rule.
     ForwardingRuleInfo forwarding_rule = 9;
 
@@ -480,6 +489,41 @@ message RouteInfo {
   optional string ncc_spoke_uri = 16;
 }
 
+// For display only. Details of a Google Service sending packets to a
+// VPC network. Although the source IP might be a publicly routable address,
+// some Google Services use special routes within Google production
+// infrastructure to reach Compute Engine Instances.
+// https://cloud.google.com/vpc/docs/routes#special_return_paths
+message GoogleServiceInfo {
+  // Recognized type of a Google Service.
+  enum GoogleServiceType {
+    // Unspecified Google Service. Includes most of Google APIs and services.
+    GOOGLE_SERVICE_TYPE_UNSPECIFIED = 0;
+
+    // Identity aware proxy.
+    // https://cloud.google.com/iap/docs/using-tcp-forwarding
+    IAP = 1;
+
+    // One of two services sharing IP ranges:
+    // * Load Balancer proxy
+    // * Centralized Health Check prober
+    // https://cloud.google.com/load-balancing/docs/firewall-rules
+    GFE_PROXY_OR_HEALTH_CHECK_PROBER = 2;
+
+    // Connectivity from Cloud DNS to forwarding targets or alternate name
+    // servers that use private routing.
+    // https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules
+    // https://cloud.google.com/dns/docs/policies#firewall-rules
+    CLOUD_DNS = 3;
+  }
+
+  // Source IP address.
+  string source_ip = 1;
+
+  // Recognized type of a Google Service.
+  GoogleServiceType google_service_type = 2;
+}
+
 // For display only. Metadata associated with a Compute Engine forwarding rule.
 message ForwardingRuleInfo {
   // Name of a Compute Engine forwarding rule.

diff --git a/google/cloud/networkmanagement/v1beta1/trace.proto b/google/cloud/networkmanagement/v1beta1/trace.proto
@@ -68,6 +68,12 @@ message Step {
     // The endpoint information is populated.
     START_FROM_INTERNET = 2;
 
+    // Initial state: packet originating from a Google service. Some Google
+    // services, such as health check probers or Identity Aware Proxy use
+    // special routes, outside VPC routing configuration to reach Compute Engine
+    // Instances.
+    START_FROM_GOOGLE_SERVICE = 27;
+
     // Initial state: packet originating from a VPC or on-premises network
     // with internal source IP.
     // If the source is a VPC network visible to the user, a NetworkInfo
@@ -186,6 +192,9 @@ message Step {
     // or Connection Proxy.
     EndpointInfo endpoint = 8;
 
+    // Display information of a Google service
+    GoogleServiceInfo google_service = 24;
+
     // Display information of a Compute Engine forwarding rule.
     ForwardingRuleInfo forwarding_rule = 9;
 
@@ -480,6 +489,41 @@ message RouteInfo {
   optional string ncc_spoke_uri = 16;
 }
 
+// For display only. Details of a Google Service sending packets to a
+// VPC network. Although the source IP might be a publicly routable address,
+// some Google Services use special routes within Google production
+// infrastructure to reach Compute Engine Instances.
+// https://cloud.google.com/vpc/docs/routes#special_return_paths
+message GoogleServiceInfo {
+  // Recognized type of a Google Service.
+  enum GoogleServiceType {
+    // Unspecified Google Service. Includes most of Google APIs and services.
+    GOOGLE_SERVICE_TYPE_UNSPECIFIED = 0;
+
+    // Identity aware proxy.
+    // https://cloud.google.com/iap/docs/using-tcp-forwarding
+    IAP = 1;
+
+    // One of two services sharing IP ranges:
+    // * Load Balancer proxy
+    // * Centralized Health Check prober
+    // https://cloud.google.com/load-balancing/docs/firewall-rules
+    GFE_PROXY_OR_HEALTH_CHECK_PROBER = 2;
+
+    // Connectivity from Cloud DNS to forwarding targets or alternate name
+    // servers that use private routing.
+    // https://cloud.google.com/dns/docs/zones/forwarding-zones#firewall-rules
+    // https://cloud.google.com/dns/docs/policies#firewall-rules
+    CLOUD_DNS = 3;
+  }
+
+  // Source IP address.
+  string source_ip = 1;
+
+  // Recognized type of a Google Service.
+  GoogleServiceType google_service_type = 2;
+}
+
 // For display only. Metadata associated with a Compute Engine forwarding rule.
 message ForwardingRuleInfo {
   // Name of a Compute Engine forwarding rule.