Package-level declarations
Types
A specification of the type and number of accelerator cards attached to the instance.
An access configuration attached to an instance's network interface. Only one access config per instance is supported.
Specifies options for controlling advanced machine features. Options that would traditionally be configured in a BIOS belong here. Features that require operating system support may have corresponding entries in the GuestOsFeatures of an Image (e.g., whether or not the OS in the Image supports nested virtualization being enabled or disabled).
An alias IP range attached to an instance's network interface.
This reservation type is specified by total resource amounts (e.g. total count of CPUs) and can account for multiple instance SKUs. In other words, one can create instances of varying shapes against this reservation.
Output Only Contains output only fields.
Contains Properties set for the reservation.
Properties of the SKU instances being reserved. Next ID: 9
This reservation type allows to pre allocate specific instance configuration. Next ID: 6
Input Only Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance. This field is persisted and returned for instanceTemplate and not returned in the context of instance. This property is mutually exclusive with the source property; you can only define one or the other, but not both.
An instance-attached disk resource.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Deprecated The authentication settings for the backend service. The authentication settings for the backend service.
Deprecated Authorization configuration provides service-level and method-level access control for a service. control for a service.
This is deprecated and has no effect. Do not use.
CPU utilization policy.
Configuration parameters of autoscaling based on load balancing.
Cloud Autoscaler policy.
Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.
Configuration that allows for slower scale in so that even if Autoscaler recommends an abrupt scale in of a MIG, it will be throttled as specified by the parameters below.
Contains the configurations necessary to generate a signature for access to private storage buckets that support Signature Version 4 for authentication. The service name for generating the authentication header will always default to 's3'.
Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.
Message containing what to include in the cache key for a request for Cloud CDN.
Specify CDN TTLs for response error codes.
Message containing Cloud CDN configuration for a backend bucket.
Message containing information of one individual backend.
Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.
Specify CDN TTLs for response error codes.
Message containing Cloud CDN configuration for a backend service.
Connection Tracking configuration for this BackendService.
For load balancers that have configurable failover: Internal TCP/UDP Load Balancing and external TCP/UDP Load Balancing. On failover or failback, this field indicates whether connection draining will be honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A setting of true terminates existing TCP connections to the active pool during failover and failback, immediately draining traffic. A setting of false allows existing TCP connections to persist, even on VMs no longer in the active pool, for up to the duration of the connection draining timeout (10 minutes).
Identity-Aware Proxy
The configuration for a custom policy implemented by the user and deployed with the client.
The configuration for a built-in load balancing policy.
Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.
Associates members
, or principals, with a role
.
A transient resource used in compute.instances.bulkInsert and compute.regionInstances.bulkInsert . This resource is not persisted anywhere, it is used only for processing the requests.
Message containing what to include in the cache key for a request for Cloud CDN.
Deprecated gRPC call credentials to access the SDS server. gRPC call credentials to access the SDS server.
Deprecated gRPC channel credentials to access the SDS server. gRPC channel credentials to access the SDS server.
Settings controlling the volume of requests, connections and retries to this backend service.
Deprecated The client side authentication settings for connection originating from the backend service. the backend service.
A set of Confidential Instance options.
Message containing connection draining configuration.
The information about the HTTP Cookie on which the hash function is based for load balancing policies that use a consistent hash.
This message defines settings for a consistent hash style load balancer.
The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard.
Specifies the mapping between the response code that will be returned along with the custom error content and the response code returned by the backend service.
Specifies the custom error response policy that must be applied when the backend service or backend bucket responds with an error.
Deprecation status for a public resource.
A specification of the desired way to instantiate a disk in the instance template when its created from a source instance.
Additional disk params.
A set of Display Device options
A Duration represents a fixed-length span of time represented as a count of seconds and fractions of seconds at nanosecond resolution. It is independent of any calendar and concepts like "day" or "month". Range is approximately 10,000 years.
Describes the cause of the error with structured details. Example of an error when contacting the "pubsub.googleapis.com" API when it is not enabled: { "reason": "API_DISABLED" "domain": "googleapis.com" "metadata": { "resource": "projects/123", "service": "pubsub.googleapis.com" } } This response indicates that the pubsub.googleapis.com API is not enabled. Example of an error that is returned when attempting to create a Spanner instance in a region that is out of stock: { "reason": "STOCKOUT" "domain": "spanner.googleapis.com", "metadata": { "availableRegions": "us-central1,us-east2" } }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
The interface for the external VPN gateway.
The available logging options for a firewall rule.
Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
Encapsulates numeric value that can be either absolute or relative.
Describes the auto-registration of the Forwarding Rule to Service Directory. The region and project of the Service Directory resource generated from this registration will be the same as this Forwarding Rule.
The properties of the last known good state for the Future Reservation.
The state that the future reservation will be reverted to should the amendment be declined.
Output only Represents status related to the future reservation.
Properties to be set for the Future Reservation.
Deprecated gRPC config to access the SDS server. gRPC config to access the SDS server.
Guest OS features.
Configuration of logging on a health check. If logging is enabled, logs will be exported to Stackdriver.
Describes a URL link.
Provides links to documentation or for performing an out of band action. For example, if a quota check failed with an error indicating the calling project hasn't enabled the accessed service, this can contain a URL pointing directly to the right place in the developer console to flip the bit.
UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.
Specification for how requests are aborted as part of fault injection.
Specifies the delay introduced by the load balancer before forwarding the request to the backend service as part of fault injection.
The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by the load balancer on a percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests.
HttpFilterConfiguration supplies additional contextual settings for networkservices.HttpFilter resources enabled by Traffic Director.
The request and response header transformations that take effect before the request is passed along to the selected backendService.
matchRule criteria for request header matches.
Specification determining how headers are added to requests or responses.
HttpRouteRuleMatch criteria for a request's query parameter.
The retry policy associates with HttpRouteRule
HttpRouteRuleMatch specifies a set of criteria for matching requests to an HttpRouteRule. All specified criteria must be satisfied for a match to occur.
The HttpRouteRule setting specifies how to match an HTTP request and the corresponding routing action that load balancing proxies perform.
The parameters of the raw disk image.
Initial State for shielded instance, these are public keys which are safe to store in public
Errors encountered during the queueing or provisioning phases of the ResizeRequest.
Additional instance params.
HttpRouteRuleMatch criteria for field values that must stay within the specified integer range.
Informational metadata about Partner attachments from Partners to display to customers. These fields are propagated from PARTNER_PROVIDER attachments to their corresponding PARTNER attachments.
Information for an interconnect attachment when this belongs to an interconnect of type DEDICATED.
Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only.
Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.
Configuration information for enabling Media Access Control security (Macsec) on this Interconnect between Google and your on-premises router.
Deprecated This message specifies a header location to extract JWT token. This message specifies a header location to extract JWT token.
Deprecated JWT configuration for origin authentication. JWT configuration for origin authentication.
Commitment for a particular license resource.
Provides a localized error message that is safe to return to the user which can be attached to an RPC error.
Configuration for location policy among multiple possible locations (e.g. preferences for zone selection among zones in a single region).
This is deprecated and has no effect. Do not use.
This is deprecated and has no effect. Do not use.
This is deprecated and has no effect. Do not use.
This is deprecated and has no effect. Do not use.
This is deprecated and has no effect. Do not use.
Deprecated Custom authenticator credentials. Custom authenticator credentials.
MetadataFilter label name value pairs that are expected to match corresponding labels presented as metadata to the load balancer.
Opaque filter criteria used by load balancers to restrict routing configuration to a limited set of load balancing proxies. Proxies and sidecars involved in load balancing would typically present metadata to the load balancers that need to match criteria specified here. If a match takes place, the relevant configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. An example for using metadataFilters would be: if load balancing involves Envoys, they receive routing configuration when values in metadataFilters match values supplied in of their XDS requests to loadbalancers.
Metadata
A metadata key/value entry.
Deprecated Configuration for the mutual Tls mode for peer authentication. Configuration for the mutual Tls mode for peer authentication.
The named port. For example: <"http", 80>.
Configuration for an App Engine network endpoint group (NEG). The service is optional, may be provided explicitly or in the URL mask. The version is optional and can only be provided explicitly or in the URL mask when service is present. Note: App Engine service must be in the same project and located in the same region as the Serverless NEG.
Configuration for a Cloud Function network endpoint group (NEG). The function must be provided explicitly or in the URL mask. Note: Cloud Function must be in the same project and located in the same region as the Serverless NEG.
Configuration for a Cloud Run network endpoint group (NEG). The service must be provided explicitly or in the URL mask. The tag is optional, may be provided explicitly or in the URL mask. Note: Cloud Run service must be in the same project and located in the same region as the Serverless NEG.
Load balancing specific fields for network endpoint group.
All data that is specifically relevant to only network endpoint groups of type PRIVATE_SERVICE_CONNECT.
Configuration for a serverless network endpoint group (NEG). The platform must be provided. Note: The target backend service must be in the same project and located in the same region as the Serverless NEG.
A network interface resource attached to an instance.
A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.
A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.
Time window specified for daily maintenance operations. GCE's internal maintenance will be performed within this window.
Represents a gRPC setting that describes one gRPC notification endpoint and the retry duration attempting to send notification to this endpoint.
Deprecated Configuration for the origin authentication method. Configuration for the origin authentication method.
Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service.
A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.
A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.
Deprecated Configuration for the peer authentication method. Configuration for the peer authentication method.
Custom constraint that specifies a key and a list of allowed values for Istio attributes.
Deprecated All fields defined in a permission are ANDed.
Deprecated All fields defined in a principal are ANDed.
The error(s) that caused the QueuedResource to enter the FAILED state.
Additional status detail for the FAILED state.
Output only Result of queuing and provisioning based on deferred capacity.
Queuing parameters for the requested deferred capacity.
A policy that specifies how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer doesn't wait for responses from the shadow service. Before sending traffic to the shadow service, the host or authority header is suffixed with -shadow.
Specifies the reservations that this instance can consume from.
Represents a reservation resource. A reservation ensures that capacity is held in a specific zone even if the reserved VMs are not running. For more information, read Reserving zonal resources.
Commitment for a particular resource (a Commitment is composed of one or more of these).
Time window specified for daily operations.
Resource policy for disk consistency groups.
A GroupPlacementPolicy specifies resource placement configuration. It specifies the failure bucket separation as well as network locality
Time window specified for hourly operations.
An InstanceSchedulePolicy specifies when and how frequent certain operations are performed on the instance.
Schedule for an instance operation.
Contains output only fields. Use this sub-message for all output fields set on ResourcePolicy. The internal structure of this "status" field should mimic the structure of ResourcePolicy proto specification.
A snapshot schedule policy specifies when and how frequently snapshots are to be created for the target disk. Also specifies how many and how long these scheduled snapshots should be retained.
Policy for retention of scheduled snapshots.
A schedule for disks where the schedueled operations are performed.
A concurrency control configuration. Defines a group config that, when attached to an instance, recognizes that instance as part of a group of instances where only up the concurrency_limit of instances in that group can undergo simultaneous maintenance. For more information: go/concurrency-control-design-doc
A maintenance window for VMs. When set, we restrict our maintenance operations to this window.
Time window specified for weekly operations.
Contains output only fields. Use this sub-message for actual values set on Instance attributes as compared to the value requested by the user (intent) in their instance CRUD calls.
A rollout policy configuration.
Description-tagged IP ranges for the router to advertise.
Configuration of logging on a NAT.
Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.
This is deprecated and has no effect. Do not use.
DEPRECATED: Please use compute#savedDisk instead. An instance-attached disk resource.
Node Affinity: the configuration of desired nodes onto which this Instance could be scheduled.
Sets the scheduling options for an Instance.
Deprecated The configuration to access the SDS server. The configuration to access the SDS server.
Configuration options for Adaptive Protection auto-deploy feature.
Configuration options for L7 DDoS detection. This field is only supported in Global Security Policies of type CLOUD_ARMOR.
Configuration options for Cloud Armor Adaptive Protection (CAAP).
Configuration options for Cloud Armor.
Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.
Represents a match condition that incoming network traffic is evaluated against.
Simplified google.rpc.Status type (omitting details).
Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
The authentication and authorization settings for a BackendService.
The TLS settings for the server.
A service account.
Output Only A connection connected to this service attachment.
A set of Shielded Instance options.
The policy describes the baseline against which Instance boot integrity is measured.
A set of Shielded VM options.
The policy describes the baseline against which VM instance boot integrity is measured.
A specification of the parameters to use when creating the instance template from a source instance.
DEPRECATED: Please use compute#instanceProperties instead. New properties will not be added to this field.
Configuration and status of a self-managed SSL certificate.
Output Only Contains output only fields.
Represents a secondary IP range of a subnetwork.
Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director.
A set of instance tags.
Deprecated Defines the mechanism to obtain the client or server certificate. Defines the mechanism to obtain the client or server certificate.
Deprecated The paths to the mounted TLS Certificates and private key. The paths to the mounted TLS Certificates and private key.
Deprecated The TLS settings for the client or server. The TLS settings for the client or server.
Deprecated Defines the mechanism to obtain the Certificate Authority certificate to validate the client/server certificate. validate the client/server certificate.
Upcoming Maintenance notification information.
Represents a window of time using two timestamps: earliest
and latest
. This timestamp values are in RFC3339 text format.
HTTP headers used in UrlMapTests.
Message for the expected URL mappings.
The spec for modifying the path before sending the request to the matched backend service.
A VPN gateway interface.
In contrast to a single BackendService in HttpRouteAction to which all matching traffic is directed to, WeightedBackendService allows traffic to be split across multiple backend services. The volume of traffic for each backend service is proportional to the weight specified in each WeightedBackendService