Package-level declarations
Types
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices
and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com
from DATA_READ logging, and aliya@example.com
from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": "user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Associates members
, or principals, with a role
.
A definition of a matcher that selects endpoints to which the policies should be applied.
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
The destination to which traffic will be routed.
Specification of how client requests are aborted as part of fault injection before being sent to a destination.
Specification of how client requests are delayed as part of fault injection before being sent to a destination.
The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests.
A match against a collection of headers.
Specifies a match against a method.
The specifications for retries.
Specifies how to route matched traffic.
Criteria for matching traffic. A RouteMatch will be considered to match when all supplied fields match.
Describes how to route traffic.
The Specification for allowing client side cross-origin requests.
Specifications of a destination to which the request should be routed to.
Specification of how client requests are aborted as part of fault injection before being sent to a destination.
Specification of how client requests are delayed as part of fault injection before being sent to a destination.
The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced by client proxy on a percentage of requests before sending those requests to the destination service. Similarly requests can be aborted by client proxy for a percentage of requests.
Represents an integer value range.
Specifies how to select a route rule based on HTTP request headers.
Specifications to match a query parameter in the request.
Specifies the policy on how requests are shadowed to a separate mirrored destination service. The proxy does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow.
The specifications for retries.
The specifications for routing traffic and applying associated policies.
RouteMatch defines specifications used to match requests. If multiple match types are set, this RouteMatch will match if ALL type of matches are matched.
Specifies how to match traffic and how to route traffic when traffic is matched.
The specification for modifying the URL of the request, prior to forwarding the request to the destination.
The matcher that is based on node metadata presented by xDS clients.
Defines a name-pair value for a single label.
The specifications for routing traffic and applying associated policies.
Describe the destination for traffic to be routed to.
RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.
Specifies how to match traffic and how to route traffic when traffic is matched.
The specifications for routing traffic and applying associated policies.
Describe the destination for traffic to be routed to.
RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "AND"ed for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.
Specifies how to match traffic and how to route traffic when traffic is matched.
Specification of a port-based selector.